Request for Feedback: 5-Year Reflections on Kenya’s Data Protection Act.

Dear Linda,

Many thanks for the good work. My quick comments

1. There is increasing awareness on the need to protect personally
identifiable information. . I attended a Public event on Friday in Kisumu
and had to give consent for my photos to be taken.
2. Regarding the fines, i think they should be reconsidered. During the
National Summit of Community Networks at Akala in Siaya County, i wondered
allowed what would happen if Akala Primary School was in breach. This is
due to the fact that sometimes students have to bring in Firewood or other
services in exchange for Financial considerations that enable them to
learn. We need to think about such scenarios.
3. During the same summit, the County Security Commitee was pleasantly
surprised with what is happening at the data protection front. We were
fortunate to have the ODPC lead in the Kisumu Office Mr. Wandera who
engaged them and agreed on the next steps with respect to awareness
creation. This shows that there is a great need of awareness to be created
before we can start emphasizing on punitive actions as a deterrent. To
quote the Prime Cabinet Secretary during the Connected Africa Summit last
week, we should not run too fast and leave the ball behind as we are
accustomed to.
4. With respect to Technology, AI can help especially using local languages
to create more awareness (pin yako siri yako kind of approach).

Thank you

On Thu, May 2, 2024 at 8:17 AM Linda Wairure via KICTANet <
kictanet@lists.kictanet.or.ke> wrote:

> *Day 4: **Data Subject Rights, Emerging Issues and Best Practices.*
>
> *Dear Listers,*
>
> Thank you for providing your expert insights and feedback regarding the
> suggested alterations and recommendations concerning the legal framework
> for data protection. Please review the attached document to confirm that
> all of your perspectives of prior discussions have been incorporated. Your
> contribution is greatly appreciated.
>
> Day 4 of our discussion will center on *data subject rights, emerging
> issues *and *best practices*. We invite you to share your insights
> and reflections on the following questions:
>
> 1. *Have you experienced any changes in the way state/non-state
> organizations handle your personal data since the implementation of the
> Data Protection Act, 2019?*
>
> 2. * What are some international best practices or benchmarks in
> data protection regulation and enforcement that the ODPC should consider
> emulating?*
>
> 3. * What recent technological advancement or practice do you
> believe presents the greatest data protection and privacy opportunity in
> Kenya?*
>
> Your expertise and input are essential in this endeavor, and we value your
> contribution to this vital conversation.
>
> Please feel free to respond directly to this email with your insights.
> Alternatively, you can reach out to Linda Gichohi (lgichohi@kictanet.or.ke )
> if you have any questions or additional comments.
>
> Thank you for your time and consideration.
>
> We look forward to your participation.
>
>
>
> Kind regards,
>
> Linda Gichohi.
>
> *Kenya ICT Action Network.*
>
>
>
> On Mon, 29 Apr 2024 at 20:30, Linda Wairure <lindagichohi@gmail.com>
> wrote:
>
>> *B.* *Day 2: Data Controllers & Processors *
>>
>> *Dear Listers,*
>>
>> Thank you for providing your expert insights and feedback regarding the
>> suggested alterations and recommendations concerning the legal framework
>> for data protection. Please review the attached document to confirm that
>> all of your perspectives of yesterday’s discussion have been incorporated.
>> Your contribution is greatly appreciated.
>>
>> *Day 2* of our discussion will center on *data controllers and data
>> processors*. We invite you to share your insights and reflections on the
>> following questions:
>>
>> 1. *In your opinion, what has been the key impact (positive/negative)
>> of the Data Protection Act, 2019, on state and private entities’
>> organizational policies, procedures, practices, and compliance levels from
>> 2020 to date?*
>> 2. *Poll: **Do you believe that the penalties imposed on
>> organizations for data breaches or non-compliance are sufficient to deter
>> future violations?*
>> <www.livepolls.app/result/6622dd8c0d1d3f4c690d6c01>
>>
>> Your expertise and input are essential in this endeavor, and we value
>> your contribution to this vital conversation.
>>
>> Please feel free to respond directly to this email with your insights.
>> Alternatively, you can reach out to Linda Gichohi (
>> lgichohi@kictanet.or.ke ) if you have any questions or additional
>> comments.
>>
>> Thank you for your time and consideration.
>>
>> We look forward to your participation.
>>
>>
>>
>> Kind regards,
>>
>> Linda Gichohi.
>>
>> *Kenya ICT Action Network.*
>>
>> On Sun, 28 Apr 2024 at 22:03, Linda Wairure <lindagichohi@gmail.com>
>> wrote:
>>
>>> *A. **Day 1: Legal Framework on Data Protection*
>>>
>>>
>>> Day 1 of our discussion will center on the Legal framework surrounding
>>> Data Protection. We invite you to share your insights and reflections on
>>> the following questions:
>>>
>>> 1. *What areas of Kenya’s legal and policy framework on data
>>> protection require improvement or updating? Please provide supporting
>>> justification/rationale.*
>>> 2. *Please provide three (3) recommendations for amendments to the
>>> Data Protection Act, and its attendant regulations.*
>>>
>>> Your expertise and input are essential in this endeavor, and we value
>>> your contribution to this vital conversation.
>>>
>>> Please feel free to respond directly to this email with your insights. Thank
>>> you for your time and consideration.
>>>
>>> We look forward to your participation.
>>>
>>>
>>> Kind regards,
>>>
>>> Linda Gichohi.
>>>
>>> * Kenya ICT Action Network.*
>>>
>>>
>>>
>>> On Fri, 26 Apr 2024 at 02:28, Linda Wairure <lindagichohi@gmail.com>
>>> wrote:
>>>
>>>> Dear Listers,
>>>>
>>>> As part of our ongoing efforts to assess the effectiveness and impact
>>>> of Kenya’s Data Protection Act (2019) over the past five years and in
>>>> anticipation of the NADPA Conference being held from 7 – 9 May 2024, we are
>>>> reaching out to gather your valuable insights and reflections. To this end,
>>>> KICTANet will be moderating an online discussion on the KICTANet mailing
>>>> list from *Monday 29 April 2024 – Friday 3 May 2024.* We want to draw
>>>> special attention to the contributions of the Data Governance and Emerging
>>>> Technologies Working Group on the ICT legislative reform process and in
>>>> particular the recommendations on data governance.
>>>>
>>>> To chart the progress, challenges, and considerations for the future of
>>>> data protection in Kenya, KICTANet shall be exploring the following topics
>>>> over the course of next week through targeted daily questions for your
>>>> reflections.
>>>>
>>>> *TOPICS:*
>>>>
>>>> *A. **Day 1: Legal Framework on Data Protection*
>>>>
>>>> *B. **Day 2: Data Controllers & Processors *
>>>>
>>>> *C. **Day 3: Data Subjects’ Rights*
>>>>
>>>> *D. **Day 4: Emerging Issues and Best Practices*
>>>>
>>>> *E. **Day 5: Recommendations and Shaping the Future.*
>>>>
>>>> Please feel free to respond directly to this email with your insights.
>>>> Alternatively, you can reach out to Linda Gichohi (
>>>> lgichohi@kictanet.or.ke) if you have any questions or additional
>>>> comments.
>>>>
>>>> Thank you for your time and participation.
>>>>
>>>> Regards,
>>>>
>>>> *Linda Gichohi.*
>>>>
>>>> *Kenya ICT Action Network.*
>>>>
>>>