Nice piece, I am just wondering if I can have this conversation with Adongo
in Isebania. Reading through the piece I am curious to know where most of
the data controlers are located. My suspicion is Nairobi. Might it reflect
the general state of ecommerce in the country?

On Mon, 5 Dec 2022, 1:12 am Mwendwa Kivuva via KICTANet, <> wrote:

> By Immaculate Kassait, Commissioner, Office of the Data Protection
> Commission, via LinkedIn
> During the drafting process of the Data Protection Regulations, data
> localization was one area we received many queries about. Initially, we had
> very stringed regulations that required data to be stored locally. But upon
> receiving feedback from the stakeholders, we adjusted the requirements from
> processing information in Kenya to having just a copy stored in the
> country. The key questions we received on data localization were: 1. How do
> you insist on data localization in an era of Cloud Computing with the
> services not available in Kenya? 2. Does Kenya have the pre-requisite
> infrastructure i.e. tier three and above data centers, can we guarantee
> electricity flows, back-up, security, and safety of people’s data?
> The rationale behind data localization from a national security standpoint
> is purely about the data sovereignty of a nation. Imagine going to your
> bank to urgently get your statement for visa application, then you’re told
> you cannot access it because the undersea cable is down and hence it will
> take about 2 weeks to be fixed! Such challenges in accessing information as
> and when needed makes it difficult for business continuity and could result
> in revenue loss and reputational damage.
> As a sovereign state, there’s critical information unique and important to
> our country such that if the information is not available, the country will
> be grounded. In order to balance between the concerns raised on accessing
> this information and the sensitivity of the information, we resolved to
> have at least a copy of the information stored locally. This helps protect
> personal information created in Kenya, national security, law enforcement,
> and competitiveness of domestic market hence creating job opportunities for
> citizens.
> It is important to note that data localization does not apply to all
> information. It only applies to categories of information on civil
> registration and legal identity management systems for national security
> (your identity as a Kenyan), facilitating the conduct of elections,
> representation of Kenya, public finance by state organs, running systems
> designated as protected computer systems in terms of section 20 of the
> computer misuse and cybercrime act, information about children, healthcare
> among others.
> Some of the myths around data localization include all information being
> processed even for private businesses should be stored in the country;
> organizations are not supposed to use cloud services and lastly, data
> localization is expensive compared to cloud services. I trust that we have
> addressed these misconceptions most of you might have about data
> localization. What misconceptions did you have before reading this post?
> —
> Best Regards,
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya