Hustler Fund and the data protection implications


Data protection laws mostly aruse out of need to protect the people from
The State.

You will find out, that Germany, after the profiling and invasion of
privacy of citizens during the Nazi regime, was the first to institute
privacy laws.

Europe itself, leads in data protection legislation because if that, and
under scores privacy and data protection as fundamental human rights in its
EU Charter.

It accelerated adoption of the GDPR, after Eric Snowden leaked the mass
surveillance of EU, and other citizens of the world, by US agencies.

The gridlock between the YS and the EU post-Schrems II decision by the
European Court of Justice is still about State access to personal

The Huduma Number case here in Kenya, was largely about the same violations
of processing of personal data.

Indeed, as Justice Jairis Ngaah, noted, privacy is enshrined in our
Constitution. Article 31.

Purposive interpretation of the same will tell us that it was not merely a
copy paste job from the UDHR, the ICCPR or even the EUCHR. It was also
informed by pervasive state intrusion into people’s privacy and
communications by the Kenyan State especially during the KANU era. Which is
why Article 31 sits alongside 33 and 35 on freedom of speech, the press,
access to information etc

We could write a book about this but the key point remains, the State does
not have unlimited use of your personal information or to invade your
privacy without due reasons. The Limitations Clause, Article 24 explains
when this may occurr. Article 47-50 expound on this.

So, under the DPA, 2019 as it finds anchor in Art. 31, limitation and
indeed enforceability action can be brought to bear as against the State in
such matters.



On Thu, 1 Dec 2022, 17:32 Alex Watila via KICTANet, <> wrote:

> Dear Walu,
> It’s one of those theories of why governments are needed.
> according to him, life was *“solitary, poor, nasty, brutish, and short”.
> It is a war “of every man against every man”.*
> because of that humans agreed to form governments and ceded some of
> their rights e.g. agreeing to be taxed
> Anyway, in data protection speak, doesn’t the government have a legitimate
> need to collect the hustler fund data? in addition, the citizen does opt in
> and provide consent for their data to be collected.
> I doubt the mpesa pin leaves the Safaricom network as it is being used to
> verify your identity (Your telephone lines are registered and linked to
> your identification documents)
> Regards,
> Alex
> On Thu, Dec 1, 2022 at 4:35 PM Walubengo J <> wrote:
>> @ Alex,
>> I am still stuck on this statement:
>> >>>i am still not convinced a citizen can demand privacy from the
>> government since the basics of government >>>is that citizens ceded private
>> rights in return for the public good (Hobbes theory of government)
>> I don’t know who ‘Hobbes’ is or was but please avoid him or her 😉
>> Your right to privacy is baked into your 2010 Constitution and even the
>> government should not take it away. Emphasis is of course on ‘should not’ –
>> the fact that most governments regularly do and violate citizen privacy
>> should never, ever be normalized.
>> walu
>> —
>> On Thursday, December 1, 2022 at 11:31:57 AM GMT+3, Alex Watila via
>> KICTANet <> wrote:
>> in terms of data privacy the government has legitimate right to access
>> your information since you require them to provide you with services
>> i am still not convinced a citizen can demand privacy from the government
>> since the basics of government is that citizens ceded private rights in
>> return for public good (Hobbes theory of government)
>> in terms of mpesa pin i doubt it leaves mpesa. GoK is just using an
>> existing platform (shared services concept we have been pushing) to deliver
>> a public good
>> On Thu, Dec 1, 2022, 10:20 tevin mwenda via KICTANet <
>>> wrote:
>> Dear listers,
>> The Kenyan Government launched the much hyped hustler fund a digital
>> lending platform. Credit will be accessible through various lending
>> platforms such as M-PESA. Out of curiosity I can not help but wonder what
>> are the data protection implications of the system. For example what data
>> will be used as baseline to determine your credit worthiness. Is it data
>> held by government, credit reference bureaus, the lending companies or we
>> are starting from scratch ? Who will be the main data controller of the
>> data collected is it government is it the companies. If it’s the government
>> how much data will they have on Kenya and their credit worthiness and what
>> are the implications of that. Who will store this data? Are their any data
>> sharing agreements in place between the entities involved. What data
>> subject rights have been provided and does the consumer understand them? It
>> will be intresting to see how this develops and the discussion from a data
>> protection perspective.
>> —
>> Kind Regards
>> Tevin Mwenda Gitonga