Data protection regulations have become a norm in different states across the world. In particular, the growth of internet-based products and services have prompted regulators and legislators to create some form of legal framework to protect user data from misuse, and this has primarily been the case in recent times with the launch of data protection institution such as the General Data Protection Regulation (GDPR) in the European Union.
Locally, things are a little different. Corporations and internet firms that deal with customer data, sensitive or otherwise have their own forms of privacy regulations.
However, there is no solid legal framework that protects the citizens from data-related abuses, bearing in mind that the issues have been raised several times by data protection activists and organizations that want businesses to safeguard private data.
A couple of months ago, the Senate and Parliament received similar data protection bills for deliberations. The Senate’s proposal was presented by Gideon Moi, while that in the National Assembly was read by William Kipsang’.
The assessment exercise has taken a long time amid concerns from people who have since faulted the state for doing little in matters regarding the safety of their data. A few weeks ago, President Kenyatta reportedly approved a progressive draft of the Data Protection Bill 2018, perhaps in response to questions that were raised about the safety of personal details that were being collected during the first phase of the Huduma Namba registration exercise.
The presentation of the two Bills is preceded by concerns that companies are not subjected to strict data protection guidelines. You do not need to look very hard to substantiate these assertions because it has become a common practice for some businesses to sell user data for marketing purposes. These messages are then passed to customers without their consent. There are tens of other customer data abuses that should effectively be managed or eliminated should the bills see the President’s signature.
Last week, the Senate was planning to vote on its data privacy bill. The meeting, which was to be attended by the Treasury and ICT CSs as well as the CBK for comprehensive engagement, was skipped by three parties.
According to Business Daily, the mentioned members had not prepared sufficient responses and requested an extension to Wednesday this week or another date.
It is worth noting that the Senate’s bill clashed on some unnamed clauses with that presented to Parliament, which is also backed by the government. The issues are said to have delayed the passing exercise, including the case where Mr. Mucheru failed to explain why the government was lobbying for a similar bill in Parliament.
It is also reported that ICT CS Joe Mucheru had abandoned Parliament’s version, and proposed some revisions for the Senate’s. Some of the suggestion that has since been communicated encompass GDPR-like provisions to align the Bill to standards set in other parts of the world.
There is also a suggestion that both bills should be harmonized, which should be the case as it is counterintuitive pursuing similar laws in the two houses.