Day 8: Policy and Regulatory Framework on Privacy and Data Protection- Key issues

Thank you Robi!

Il giorno ven 31 ago 2018 alle ore 13:03 Robi Chacha <>
ha scritto:

> Dear Grace,
> The recommendations are great and apt.
> Thank you!
> Best,
> Robi
> On Fri, Aug 31, 2018 at 11:37 AM Grace Bomu via kictanet <
>> wrote:
>> Dear listers,
>> During the discussion on the draft data protection policy and bill, a
>> summary of issues includes:
>> – Listers recommended that the policy be expanded to look not only
>> into data privacy but also issues to enable a privacy respecting data
>> economy such as skills gap, standards, public funded data, data centers
>> etc.
>> – L
>> isters appreciated the principles for data protection as provided for
>> in the bill and called for ways of translating them into privacy promoting
>> practices within the data economy. For example, there was advocacy for
>> inculcation of data minimisation.
>> – Concerns were raised that if proper mechanisms were not put in
>> place, there was a risk of small data holders such as MSMEs not being able
>> to comply and the bill being a risk to innovation and growth.
>> – Data subject rights as provided for in the bill were viewed as
>> progressive. While there was debate on whether the right to be forgotten
>> should be absolute, listers recommended for this right with regard to
>> research data as well as data about children.
>> – While discussing data processors and controllers, listers debated
>> on data sovereignty and data residency and gave input on how Kenya could be
>> better facilitative of a local data economy. Listers also mused on
>> decisions made through automated means and how developments in artificial
>> intelligence impacted on personal privacy.
>> – On offences, some listers thought that they were not reflective of
>> data economy activities and that while they may be punitive to small
>> players, they were lenient for larger ones. Hence they recommended
>> graduated penalties. Listers also recommended for civil remedies to injured
>> persons under this law. Further, areas that did not have specified
>> penalties, for example not notifying a data subject in case of a breach,
>> were flagged out.
>> – The proposed institutional framework- office of the DPC came with
>> concerns on financing the office, powers of the DPC as well as independence
>> of the office.
>> – Finally, on exemptions, there was a recommendation for more
>> specificity to avoid eating into privacy of data subjects.
>> We shall translate these points, together with those shared during the
>> face to face forum at Strathmore University into submissions to the Task
>> Force.
>> We appreciate all those who gave input, asked questions and followed the
>> discussion to learn.
>> Please point out other areas we may have missed in this summary and ask
>> your questions- At least two members of the Task Force are here to attend
>> to you.
>> —
>> Grace Mutung\’u
>> Skype: gracebomu
>> @Bomu
>> PGP ID : 0x33A3450F
>> _______________________________________________
>> kictanet mailing list
>> Twitter:
>> Facebook:
>> Domain Registration sponsored by
>> Unsubscribe or change your options at
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people\’s times and bandwidth,
>> share knowledge, don\’t flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
> —
> ——
> Robi M. Chacha,
> LL.B (Hons) (Moi) Dip Law (KSL)
> 3rd EAC Youth Ambassador, Kenya
> +254(0)726235536 / +254(0)736368439
> Skype: robi.chacha4
> *- \”If you think youre too small to make a difference, try sleeping with
> a mosquito\” – Dalai Lama XIV*
> *Disclaimer:*This message contains confidential information and is
> intended only for the individual named. If you are not the named addressee
> you should not disseminate, distribute or copy this e-mail. Please notify
> the sender immediately by e-mail if you have received this e-mail by
> mistake and delete this e-mail from your system. E-mail transmission cannot
> be guaranteed to be secure or error-free as information could be
> intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
> contain viruses. The sender therefore does not accept liability for any
> errors or omissions in the contents of this message, which arise as a
> result of e-mail transmission.