Day 7: Policy and Regulatory Framework on Privacy and Data Protection- Exemptions
Thnx GB and Mercy for keeping the discussion running.
I will not directly respond since am an \’interested\’ party 😉
However, I just wanted to share my take/overview of the bill in an effort to see if Listers can have the bigger picture and possibly send in more comments – belated or otherwise. Just ensure you pick the correct subject line (Day 1, 2, 3 etc) and submit your ideas.
Here is my overview.
WALUBENGO: Data Protection Bill is finally out – The key
|
|
|
| | |
|
|
|
| |
WALUBENGO: Data Protection Bill is finally out – The key
Data controllers determine the purpose for and the manner in which the data collected on citizens is processed.
|
|
|
walu
On Thursday, August 30, 2018, 9:32:03 AM GMT+3, Grace Bomu via kictanet <[email protected]> wrote:
Good morning listers,
Today we look at other issues in the draft bill that we missed during the discussions.
One is the question of exemptions, which are provided for in part vii. The grounds listed for exemption from the provisions of the Act are: national security and public order concerns, lawful disclosure, prevention of crimes, apprehension or prosecution of an offender and assessment or collection of tax. Interestingly, the draft empowers the cabinet secretary to determine national security and public order concerns. (clause 47(3))
Journalism, literature and the arts are also exempted from the principles of data protection. Where a publication is in public interest, the publisher is only required to comply with the relevant code of ethics. Processing and further processing for research, history and statistical purposes is also exempted from the principle of collecting data for a specified purpose. Although the proposed law gives a safeguard through the principle that data must eventually be destroyed, it does not give guidelines on time periods – it states that research data may not be kept indefinitely. Again, the CS is empowered to prescribe further instances when data may be exempted from provisions of the law (clause 50)
Finally listers, there are general exemptions in clause 2 of the bill. The law will not apply to sharing of information among government departments/ public sector agencies or to processing by an individual for purely personal business (this is the personal phonebook exemption)
Part of public reaction to this draft was that the bill gives with one hand and takes away with the other. Is this an exaggerated view and if so, how can this be cured in the draft? Are there other ways of dealing with the concerns raised in the exemptions (eg national security) without taking away data subject rights? Ultimately, should any data processor/controller be exempt from protecting data?
Also, are there other useful exemptions that we are missing?
Please share your thoughts on this issue and any other issue from the draft bill.