Liberating user data from the platform monopolies?

Hey Listers,

The data protection perspective expressed is valid and very important of
course. It may also appear counter-intuitive to the data liberation
perspective with data portability and interoperability that carry economic
expansion prospects. This is especially as the latter suggests liberalism
among users in *permitting access to or porting* of their own data
(anonymized or pseudonymized) which potentially compounds the data
protection considerations. My sense is that in Kenya, the kind of enabling
policies to unlock economic prospects of cumulative user data held by
platforms such as FB, Google, Safaricom, Amazon, Twiga Foods, etc. are not
in the purview of the Data Protection Commission alone. The competition
authority for instance would seem to have a role and perhaps some
collaboration with the Kenya Innovation Agency and other institutions. This
perspective may come off as utopian but I guess we should dare to dream.

Kind regards

On Thu, Oct 29, 2020 at 8:58 AM simiyu mse via kictanet <
kictanet@lists.kictanet.or.ke> wrote:

> A recent development with regards to data accessibility and portability.
>
> \’Technology giants like Twitter, Facebook and Google will soon come under
> government scrutiny for their handling of personal information belonging to
> Kenyans, the nominee for the position of Data Protection Commissioner told
> Parliament Wednesday.
>
> Appearing before the National Assembly’s ICT committee for vetting,
> Immaculate Kassait said the multinational technology companies will be held
> liable for the use of data belonging to Kenya or Kenyans whether they
> operate locally or outside the country.
>
> The data protection law, approved in November last year, sets out
> restrictions on how personally identifiable data obtained by firms and
> government entities can be handled, stored and shared.
>
> The Data Protection Act 2019 gives the commissioner sweeping powers on the
> investigation of data breaches. These include powers of entry and search
> and issuing administrative fines.
>
> “Even if they are internationally based companies and as long as they have
> data about Kenya, they have responsibility to adhere to laws of Kenya,” Ms
> Kassait, the current director of voter education at the Independent
> Electoral and Boundaries Commission (IEBC), said.
>
> Facebook said in 2018 the personal information of up to 87 million users
> may have been improperly shared with political consultancy Cambridge
> Analytica.
>
> [Link]
>
>
> www.businessdailyafrica.com/bd/economy/facebook-twitter-put-on-notice-for-personal-data-breach-2724682
>
> Regards.
>
> Simiyu.
>
> On Wed, Oct 28, 2020, 3:32 PM Rafe Mazer via kictanet <
> kictanet@lists.kictanet.or.ke> wrote:
>
>> I think the issue is not that there is technically an ability to access
>> your data, it\’s that the laws make no ability to make that easy, and easily
>> transferable to third parties to acquire new products and services. The
>> data portability language in the DPA gives up to 30 days, and allows for a
>> \”reasonable fee\” to be assessed. Those are subtle but significant barriers
>> to achieving the impact of portability being realized in other
>> jurisdictions and I think was an opportunity wasted when the DPA was
>> drafted–despite recommendations to revise this language during the
>> comments period.
>>
>> On Mon, Oct 26, 2020 at 5:00 PM Sidney Ochieng via kictanet <
>> kictanet@lists.kictanet.or.ke> wrote:
>>
>>> A bit late to this discussion. I\’m surprised that the entirety of this
>>> discussion didn\’t mention GDPR\’s data portability requirements or Kenya\’s
>>> own Access to Information(A2I) act. The mechanisms for this exist though
>>> this data is not necessarily accessible via API. GDPR even explicits
>>> says <gdpr-info.eu/art-20-gdpr/> that the data be machine
>>> readable and freely transferable.
>>>
>>> GDPR has helped with this in Europe, and it applies to every company
>>> that has data on European citizens no matter where in the world they are,
>>> and it comes with stiff fines for non-compliance. If we look at it locally
>>> I\’m yet to find any public entity that is in compliance with any part of
>>> the practical aspects of A2I act, including the CA of whom I\’ve made a
>>> couple of requests that seem to have disappeared into the ether.
>>>
>>> Even organisations like Safaricom that have the technical and financial
>>> capicity don\’t make it clear how to go about getting information from them,
>>> given that for sure they have Europeans on their network I wonder whether
>>> they\’re GDPR compliant and if that process is accessible to Kenyans.
>>>
>>> Listers the A2I was passed in 2016. How many of us have tried to use it
>>> to get information from an entity, public or private? What was the outcome?
>>>
>>> On Tue, 13 Oct 2020 at 11:11, John Kieti via kictanet <
>>> kictanet@lists.kictanet.or.ke> wrote:
>>>
>>>> Dear Listers,
>>>>
>>>> Just a random thought. What if the law entitled users to a periodic
>>>> (eg. quarterly) download of all data collected of them by large platform
>>>> companies (including telcos); and the users could grant file access to the
>>>> competitors as the user migrates? What if it was API-based data access that
>>>> the user could grant to third parties including competitors?
>>>>
>>>> What if there was an automated data depository eg. for telcos; whereby
>>>> I can invoke the right to access all the data the telco holds of me, and I
>>>> proceed to grant the data depository access to my data, automatically
>>>> retrieved from my telco A. That way my data *anonymized or otherwise
>>>> permitted* can be accessible from the depository and aggregated with
>>>> other peoples\’ to develop services on top of the data layer by third
>>>> parties such as startups, data mining & research services, and even telco B
>>>> which competes as an underdog with telco A.
>>>>
>>>> The assumption would be that the user owns the data held by the
>>>> platform/telco which has already got its head start with appropriating my
>>>> data by collecting it in realtime. It would also be assumed that access to
>>>> my data in the depository is only by licensed entities under stringent
>>>> rules that respect my access permission settings.
>>>>
>>>> What could go wrong with such an approach to user data? What could go
>>>> well?
>>>>
>>>> Any thoughts?
>>>>
>>>>
>>>> —
>>>>
>>>> John Kieti
>>>> Phone: +254-735-764242 // +254-722-764242
>>>> Twitter: @johnKieti // Skype: jkieti
>>>> Blog: gmeltdown.com <www.gmeltdown.com> // LinkedIn:
>>>> ke.linkedin.com/in/*kieti* <ke.linkedin.com/in/kieti>
>>>>
>>>> The ordinary just won\’t do
>>>> _______________________________________________
>>>> kictanet mailing list
>>>> kictanet@lists.kictanet.or.ke
>>>> lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>> Twitter: http://twitter.com/kictanet
>>>> Facebook: www.facebook.com/KICTANet/
>>>>
>>>> Unsubscribe or change your options at
>>>> lists.kictanet.or.ke/mailman/options/kictanet/sidney.ochieng%40gmail.com
>>>>
>>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>>> for people and institutions interested and involved in ICT policy and
>>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>>> sector in support of the national aim of ICT enabled growth and development.
>>>>
>>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>>> online that you follow in real life: respect people\’s times and bandwidth,
>>>> share knowledge, don\’t flame or abuse or personalize, respect privacy, do
>>>> not spam, do not market your wares or qualifications.
>>>>
>>>
>>>
>>> —
>>> Regards,
>>> Sidney
>>>
>>> *Twitter:* @princelySid | *Web: *
>>> sidneyochieng.co.ke
>>> *Skype: *sidney.ochieng | *Github:* princelySid
>>> <github.com/princelySid>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet@lists.kictanet.or.ke
>>> lists.kictanet.or.ke/mailman/listinfo/kictanet
>>> Twitter: http://twitter.com/kictanet
>>> Facebook: www.facebook.com/KICTANet/
>>>
>>> Unsubscribe or change your options at
>>> lists.kictanet.or.ke/mailman/options/kictanet/rafe.mazer%40gmail.com
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people\’s times and bandwidth,
>>> share knowledge, don\’t flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet@lists.kictanet.or.ke
>> lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at
>> lists.kictanet.or.ke/mailman/options/kictanet/kensimiyu%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people\’s times and bandwidth,
>> share knowledge, don\’t flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
> _______________________________________________
> kictanet mailing list
> kictanet@lists.kictanet.or.ke
> lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> lists.kictanet.or.ke/mailman/options/kictanet/jkieti%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people\’s times and bandwidth,
> share knowledge, don\’t flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>