Introduction
Every year since 2007, various countries around the world come together to celebrate Data Privacy Day, observed on the 28th of January. For Kenya, this day commemoration, spearheaded by the Office of the Data Protection Commissioner, brings together Data controllers, industry players, consumers and businesses. The theme for the 2024 celebration is: ‘Fostering a Culture of Data Privacy 2024!’ It is important to note that the main aim of marking this day initially was to bring together businesses and users and raise their awareness of the importance of protecting their personal information on online platforms, i.e., on social sites. In the recent past however, this initiative has expanded to the promotion of events and activities geared towards encouraging development and compliance with data privacy laws and regulations through various multi-stakeholder engagement activities and approaches.
The Data Privacy Journey in Kenya
The Constitution of Kenya, 2010, guarantees the right to privacy as is set out in Article 31 (c & d). The clamour for privacy became apparent due to growing concerns about the unauthorised collection, use, and abuse of personal information by both government entities and private sector firms. This saw the government establish a Data Protection Taskforce in 2012, comprised of various stakeholders; – academia, civil society organizations, experts, and industry representatives. They were tasked with the development of a data privacy and protection framework for Kenya.
Consequently, the taskforce made recommendations which emphasized the need for legislation which takes into consideration individual rights on the one hand, but also leaves room for innovation and economic growth. Following this development, the Data Protection Bill was presented to Parliament in 2019, and passed into law in November of the same year, as the Data Protection Act. The Act provides for the establishment of the Office of Data Protection Commissioner (ODPC), mandated to oversee data protection in Kenya. This includes enforcing compliance, complaints handling, and imposing penalties for those found in breach.
Data Privacy& Protection for the SME Sector
According to the Act, individuals have the right to see the personal information that organizations hold about them and to ask that it be updated or deleted if needed. Additionally, the Act imposes an obligation on organizations to handle personal data responsibly, which includes getting consent from individuals, putting cybersecurity measures in place to protect against data theft or misuse, and also alerting people (especially those affected) when a data breach occurs.
One of the sectors of the Kenyan economy that heavily collects and collates data and information in their daily operation is the Small and Medium Enterprises (SMEs). Noting that it accounts for over 80 percent of total employment, whose data and information it possesses, it is therefore paramount that sector players put in place the necessary measures to ensure their consumer/customer information is protected from unauthorised access, use, and/or abuse.
The SME sector in Kenya has recently been faced with issues that hinge on the privacy of the data they have. In a policy brief titled ‘Combating Kleptocracy: State of Play in Kenya[1]”, one of the key issues that was identified is the need to “Dispel fears among the business community as to the safety of their information noting the protection by the Data Protection Act 2019.” This emanated from a diverse representation of SMEs who were sceptical as to whether to give their business information which they felt was sensitive, to the registering entity, in this case, the business registration service.
SMEs have immense and untapped potential that they can utilize to position themselves as strategic players in the dynamic landscape of the digital age. In line with challenges related to IT infrastructure and data storage, SMEs should undertake to understand how to securely store their data both locally and in other storage locations at their disposal. In addition, SMEs have not fully embraced policies that fully address privacy and security concerns, which is crucial to help in the accumulation and storage of information. This is exacerbated by the lack of adequate awareness of the provisions of the Data Protection Act, 2019, which the ODPC should embark on forthwith.
Many SMEs also do not have specific departments that are tasked with data management which may be due to budget constraints or lack of trained or expert personnel. It is important to note that the technology world is evolving, which requires SME’s to also shift gears to understand the magnitude and value of big data that they are holding, and how to leverage the same to their advantage, within the provisions of the Act.
Conclusion
As the world marks the Data Protection Day, it is noteworthy that Kenya has made a huge leap in terms of ensuring that the legal and institutional framework for data privacy and protection is in place. This, however, needs to be taken a notch higher in terms of roping in SME sector players, who not only have a massive dataset at their disposal, but also employ many individuals from whom they collect massive information. There is the need to ensure a balance is created between fostering of innovation within the SME sector, versus individual rights, if Kenya is to tap into the immense power of data on the one hand, while ensuring citizens’ privacy is protected on the other. Nevertheless, the spirit and letter of the Data Privacy and Protection Act must be upheld for this end to be achieved.
Photo credits: Freepik
[1]https://ieakenya.or.ke/download/combating-contemporary-kleptocracy-state-of-play-in-kenya/
This blog highlights IEA’s most recent work on taxation, a problem-driven political economy analysis of taxation.[i] After the study’s publication, a webinar was held to discuss the findings of the political economy analysis available here. [ii] In the introduction, the study outlines how Kenya’s tax policy faces challenges from its political ecosystem, structural factors, and […]
Case Adjournments is one of the key issues that contributes to case backlogs because it reduces the efficiency of courts. An adjournment in a legal setting involves pausing or temporally stopping ongoing proceedings to be continued at a later time, date, or location. It may also indicate the end of the day’s proceedings. Parties involved […]
Introduction In February 2023, the Kenyan government announced its intention to establish a framework that will enable Savings and Credit Cooperative Societies (SACCOs) to extend loans to each other. This inter-Sacco lending framework shall be set up by the Sacco Societies Regulatory Authority (SASRA) and was anticipated to be in effect from August 2023. This […]
While Kenya has long implemented the NHIF (National Hospital Insurance Fund) whose core mandate is to provide medical insurance coverage to all its members and their declared dependants and also to make medical care affordable, enrolment rates, particularly in the voluntary and informal sectors, remain low. Yet, NHIF is the most common type of health […]
Introduction According to the United Nations, Double Taxation Agreements (DTAs) are “bilateral agreements between two countries which allocate taxing rights over income between those two countries thereby preventing double taxation of income. The main objective of DTAs therefore, is to prevent and or eliminate avoidance and evasion of taxes on income and capital by both […]
Post date: Mon, Feb 5, 2024 |
Category: Data Privacy |
By: Stephen Jairo, |
Introduction
Every year since 2007, various countries around the world come together to celebrate Data Privacy Day, observed on the 28th of January. For Kenya, this day commemoration, spearheaded by the Office of the Data Protection Commissioner, brings together Data controllers, industry players, consumers and businesses. The theme for the 2024 celebration is: ‘Fostering a Culture of Data Privacy 2024!’ It is important to note that the main aim of marking this day initially was to bring together businesses and users and raise their awareness of the importance of protecting their personal information on online platforms, i.e., on social sites. In the recent past however, this initiative has expanded to the promotion of events and activities geared towards encouraging development and compliance with data privacy laws and regulations through various multi-stakeholder engagement activities and approaches.
The Data Privacy Journey in Kenya
The Constitution of Kenya, 2010, guarantees the right to privacy as is set out in Article 31 (c & d). The clamour for privacy became apparent due to growing concerns about the unauthorised collection, use, and abuse of personal information by both government entities and private sector firms. This saw the government establish a Data Protection Taskforce in 2012, comprised of various stakeholders; – academia, civil society organizations, experts, and industry representatives. They were tasked with the development of a data privacy and protection framework for Kenya.
Consequently, the taskforce made recommendations which emphasized the need for legislation which takes into consideration individual rights on the one hand, but also leaves room for innovation and economic growth. Following this development, the Data Protection Bill was presented to Parliament in 2019, and passed into law in November of the same year, as the Data Protection Act. The Act provides for the establishment of the Office of Data Protection Commissioner (ODPC), mandated to oversee data protection in Kenya. This includes enforcing compliance, complaints handling, and imposing penalties for those found in breach.
Data Privacy& Protection for the SME Sector
According to the Act, individuals have the right to see the personal information that organizations hold about them and to ask that it be updated or deleted if needed. Additionally, the Act imposes an obligation on organizations to handle personal data responsibly, which includes getting consent from individuals, putting cybersecurity measures in place to protect against data theft or misuse, and also alerting people (especially those affected) when a data breach occurs.
One of the sectors of the Kenyan economy that heavily collects and collates data and information in their daily operation is the Small and Medium Enterprises (SMEs). Noting that it accounts for over 80 percent of total employment, whose data and information it possesses, it is therefore paramount that sector players put in place the necessary measures to ensure their consumer/customer information is protected from unauthorised access, use, and/or abuse.
The SME sector in Kenya has recently been faced with issues that hinge on the privacy of the data they have. In a policy brief titled ‘Combating Kleptocracy: State of Play in Kenya[1]”, one of the key issues that was identified is the need to “Dispel fears among the business community as to the safety of their information noting the protection by the Data Protection Act 2019.” This emanated from a diverse representation of SMEs who were sceptical as to whether to give their business information which they felt was sensitive, to the registering entity, in this case, the business registration service.
SMEs have immense and untapped potential that they can utilize to position themselves as strategic players in the dynamic landscape of the digital age. In line with challenges related to IT infrastructure and data storage, SMEs should undertake to understand how to securely store their data both locally and in other storage locations at their disposal. In addition, SMEs have not fully embraced policies that fully address privacy and security concerns, which is crucial to help in the accumulation and storage of information. This is exacerbated by the lack of adequate awareness of the provisions of the Data Protection Act, 2019, which the ODPC should embark on forthwith.
Many SMEs also do not have specific departments that are tasked with data management which may be due to budget constraints or lack of trained or expert personnel. It is important to note that the technology world is evolving, which requires SME’s to also shift gears to understand the magnitude and value of big data that they are holding, and how to leverage the same to their advantage, within the provisions of the Act.
Conclusion
As the world marks the Data Protection Day, it is noteworthy that Kenya has made a huge leap in terms of ensuring that the legal and institutional framework for data privacy and protection is in place. This, however, needs to be taken a notch higher in terms of roping in SME sector players, who not only have a massive dataset at their disposal, but also employ many individuals from whom they collect massive information. There is the need to ensure a balance is created between fostering of innovation within the SME sector, versus individual rights, if Kenya is to tap into the immense power of data on the one hand, while ensuring citizens’ privacy is protected on the other. Nevertheless, the spirit and letter of the Data Privacy and Protection Act must be upheld for this end to be achieved.
Photo credits: Freepik
[1]https://ieakenya.or.ke/download/combating-contemporary-kleptocracy-state-of-play-in-kenya/
This blog highlights IEA’s most recent work on taxation, a problem-driven political economy analysis of taxation.[i] After the study’s publication, a webinar was held to discuss the findings of the political economy analysis available here. [ii] In the introduction, the study outlines how Kenya’s tax policy faces challenges from its political ecosystem, structural factors, and […]
Case Adjournments is one of the key issues that contributes to case backlogs because it reduces the efficiency of courts. An adjournment in a legal setting involves pausing or temporally stopping ongoing proceedings to be continued at a later time, date, or location. It may also indicate the end of the day’s proceedings. Parties involved […]
Introduction In February 2023, the Kenyan government announced its intention to establish a framework that will enable Savings and Credit Cooperative Societies (SACCOs) to extend loans to each other. This inter-Sacco lending framework shall be set up by the Sacco Societies Regulatory Authority (SASRA) and was anticipated to be in effect from August 2023. This […]
While Kenya has long implemented the NHIF (National Hospital Insurance Fund) whose core mandate is to provide medical insurance coverage to all its members and their declared dependants and also to make medical care affordable, enrolment rates, particularly in the voluntary and informal sectors, remain low. Yet, NHIF is the most common type of health […]
Introduction According to the United Nations, Double Taxation Agreements (DTAs) are “bilateral agreements between two countries which allocate taxing rights over income between those two countries thereby preventing double taxation of income. The main objective of DTAs therefore, is to prevent and or eliminate avoidance and evasion of taxes on income and capital by both […]