Year in Review – ICT Law
As a Legal Tech Community, 2016 was the year when we saw increased stakeholder collaboration in development of ICT law and Policy, we also saw use of legal instruments to attempt to limit certain actions and activities earlier unregulated.
This piece seeks to highlight some of the key national legislative instruments that touch on ICT and would have an impact on the industry in 2016.
a) Access to Information Act
The Act seeks to create a framework to facilitate access to information held by private bodies and promote routine and systematic information disclosure by both public service and private service.
The Act cements citizens’ right to access information and this may not be limited by what the public entity’s beliefs are as to the person’s reasons for seeking access. Access to information of a public entity or private body shall be provided expeditiously and inexpensively.
The law also highlights inclusivity, access and accessibility, Proactive Disclosure and circumstances for limitation of this right and Information which may be withheld. The law was passed on 16/8/2016 and received Presidential assent on 31/8/2016. Read more about the Act here.
b) Copyright Amendment Bill
In an attempt to actively protect the rights of copyright owners through law enforcement and to prevent digital content piracy, the Kenya Copyright Board commenced work on amending the Copyright Act to facilitate protection of creative works on digital and online platforms through introducing intermediary liability provisions for ISPs.
The Copyright Amendment Bill is yet to be presented before Parliament for debate but it is expected to be presented early in the year.
c) The Cyber Security and Protection Bill, 2016
The principal object of this this bill was to provide increased security in cyberspace and to provide for the prohibition of certain acts in the use of computers. The law seeks to provide for the prohibition, prevention, detection, response, investigation and prosecution of cybercrimes to establish the national cyber security response unit and for connected purposes.
The law provides for creation of the National Computer Incidence Response Team, allows the CS to designate certain systems as critical infrastructure, to assess risk and determine harm from unauthorized access and or damage to such systems and recommend methods of securing systems against institutional cyber threats.
It permits for information sharing agreements between public and private entities to ensure cyber security, protection of life and national security.
It also created offences including for unlawful access to a computer system, system interference, unlawful interceptions, interception of electronic messages or money transfers, willful misdirection of electronic messages, forgery, fraud, unauthorized modification of data, cyber terrorism, cyber bullying, child exploitation, wrongful distribution of intimate images, cybersquatting among others.
This was a Senate Bill proposed by Hon Mutahi Kagwe and has since been withdrawn to allow for further public consultations and collection of views on the law.
d) Computer and Cybercrimes Bill 2016
This and the Cyber Security and Protection Bill, 2016 are closely similar and both deal with computer and cybercrime.
This particular one is before the National Assembly and intends to provide for offences relating to computer systems; to enable timely and effective collection of forensic material for use as evidence, and facilitate international co-operation in dealing with cybercrime matters; and for other connected purposes.
The provisions in international cooperation are very elaborate unlike in the senate bill to facilitate the investigation and prosecution of cybercrimes; and facilitate international cooperation in fighting cybercrime as in the Budapest Cybercrime Convention.
The offenses are largely similar to those in the earlier cybercrime bill and adopted from now existing provisions in the Kenya Information and Communications Act such as Unauthorized access, Access with intent to commit further offence, unauthorized interference and interception, use of illegal devices and access codes, Unauthorized disclosure of password or access code ,child pornography, computer forgery and computer fraud, cyber stalking and cyber bullying among others.
e) Data Protection Bill
The data protection bill has been pending for almost 4 years now, it seeks to provide for protection of personal information and hereby give effect to the constitutional right of a person not to have information relating to their family or private affairs unnecessarily required or revealed.
It embraces the principles of data protection such as necessity of collecting information, data subjects’ right to access information about them, imposition of duty to ensure information is accurate, updated and complete.
f) The Election Laws (Amendment) Bill, 2015
The Proposed Bill sought to introduce more elaborate provisions on the use of technology for elections and in the democratic process. The Bill intends to provide for registration of voters using biometric identification systems and an integrated electronic electoral system which includes biometric voter registration, biometric voter identification and electronic result transmission system.
Additionally, the proposed law also proposes the opening and availing of the register of voters for verification of biometric data by members of the public through online platforms unlike prior manual means.
The law also seeks to create a technical committee consisting of such members and officers of the Commission and such other relevant agencies, institutions or stakeholders who may be considered necessary to oversee the adoption of technology in the electoral process and implement the use of such technology. The ICT industry has given opinions to the Senate Committee through submission of memoranda.
g) The Films, Stage Plays and Publications Act (Proposed)
KOT were again up in arms on the streets of Twitter viciously killing and trying to stop the proposed Film Bill. It touched on several industries including the creatives’, content development, film production, broadcasting, software (game) development, advertising and the telecommunications industries.
With this we saw an attempt to regulate over-the-top (OTT) services, we witnessed a change of scope in the mandate of the regulatory body extended mandating the board to regulate the creation, exhibition and distribution of films, for the classification of broadcast content, online content and outdoor advertisements and to provide consumer advice to enable adults to make informed viewing choices.
It sought to enforce ISP liability for content to be exhibited or distributed through their platforms which was not classified and works availed by users who were not registered by the board as content creators.
This proposed law was a draft and has neither been published in the Kenya Gazette nor tabled before parliament for discussion. At the stakeholders meeting, board CEO, Dr. Mutua unequivocally stated that the bill was trashed and would restart the process of legislative drafting afresh beginning with the development of an industry policy to act as a guide.
h) The Finance Bill 2016
The Finance Bill sought to amend the law relating to various taxes and duties and for matters incidental thereto.
It introduced the duty to submit third party returns, that a person shall, upon being, required to do so by the commissioner, furnish the commissioner with returns showing such information, in such form and manner and within such time as the commissioner may prescribe.
This provision as relates to fin-tech firms could, if misinterpreted go against the right to privacy and data protection.
It also provides that SACCOs, banks, microfinance institutions and public utility companies ought to mandatorily submit information on clients.
Finally, the law states that there shall be data sharing between cross border regulators and institutions of their clients.
There’s a disclaimer proviso, that there is a mutual legal framework for the sharing of credit information; and the credit information is required for the discharge of a lawful duty or the performance of a lawful purpose by the person requesting for the information.
The law was passed and received presidential assent on 20/9/2016.
i) The Information Communication Technology Practitioners Bill, 2016
ICT players in Kenya were up in arms over a proposed bill called the Information Communication Technology Practitioners Bill, 2016 through #KilltheICTBill.
The key contentious issue with the bill was the need for all ICT Practitioners to be registered by the Professional Body Institution of ICT Practitioners; and that one of the key requirements for registration was a University Degree from a reputable University. Also, key stakeholders felt that the Bill was not representative of the situation on the ground and would hinder innovation rather than encourage it contrary to the ICT policy and government development agenda.
It provided that the institution would approve courses for purposes of registration of ICT practitioners, administer examinations, plan, arrange, co-ordinate and oversee continuing professional training and development of ICT practitioners.
It made it criminal for a person to practice as an ICT practitioner without complete compliance of statutory requirements and without an a valid practice license by the Council. So we didn’t see any bit in the policy on ICT practitioners, what the current problem being solved is or the philosophical underpinning.
Not just the institute, there is also proposed, a council to oversee the role of the institute and issues the practicing licenses. As per the ministry’s press release, it was clarified that the bill was a private members bill and even noted that the bill was not congruent with the proposed draft policy.
It went through the first reading on 22nd June 2016, debated in parliament on 06 July 2016.
j) Draft National ICT Policy
The Ministry of Information and Communications Technology had been working on development and drafting of a National ICT policy as outlined here and here. As per the policy, the core reason for this action was due to the rapid change and dynamic nature of technology.
The process of drafting the proposed ICT policy cemented the fact that the ICT Sector has embraced multi stakeholder-ism and established a collaborative system of co–working.
The policy adequately provided for innovators and content creators, ICT practitioners, local manufacturers, animation and game developers, academic researchers, the business community and telcos, financial technology service providers, persons with disabilities and Kenyans at large. Read more about the ICT policy here.
2016 has indeed been a busy and active year for ICT law and we foresee increased legislative drafting this coming year. Legislation is one of the key focus areas for this year.
On behalf of all lawyers in tech and the legal tech fraternity we wish you a prosperous 2017!