Last month (October 2020), President Kenyatta appointed Immaculate Kassait as Kenya’s first Data Commissioner.
The office was created when the Data Protection Act was passed in late 2019.
The appointment was announced in Parliament according to section 6 (4) of the Data Protection Act 2019.
However, the appointment did not imply the start of her tenure; she was still subject to Parliament grilling.
The Parliamentary Committee has since finished its interview.
And upon further considerations, Ms. Kassait is officially Kenya’s Data Commissioner. She has since been sworn in. The ceremony was presided by CoA Registrar Moses Serem.
As we had earlier stated, the office has many functions. Part of the Data Commissioner’s duties include, but not limited to:
- overseeing implementation of and being responsible for enforcement of the Data
Protection Act; - establishing and maintaining a register of data controllers and data processors;
- exercising oversight on data processing operations and verify whether the processing of data is done in accordance with this Act;
- promoting self-regulation among data controllers and data processors;
- conducting assessment for the purpose of ascertaining whether information is processed according to the provisions of the Act or any other relevant law;
- receiving and investigating any complaint by any person on infringements of the rights under the Act;
- taking such measures as may be necessary to bring the provisions of the Act to the knowledge of the general public;
- carrying out inspections of public and private entities with a view to evaluating the processing of personal data;
- promoting international cooperation in matters relating to data protection and ensure country’s compliance on data protection obligations under international conventions and agreements;
- undertaking research on developments in data processing of personal data and ensuring that there is no significant risk or adverse effect of any developments on the privacy of individuals; and
- performing such other functions as may be prescribed by any other law or as necessary for the promotion of object of the Act.
The state has been subject to complaints about the manner it handles personal information on digital channels.
To this end, many Kenyans are hopeful that the office will enforce the Data Protection law, and protect people from abuse from data handlers and processors.
Kenya is also one of the many countries whose citizens were allegedly part of the Cambridge Analytica fiasco where the company gained access to local Facebook user information, and used it to influence the 2017 polls.
The law has a clause that requires global tech companies to be compliant to local data regulations.
Perhaps the new office will come to test when the state will run the 2022 General Elections. It is at that period that people see a ton of personal information abuses, so it is our consensus that the issue will be rooted out by that time, hopefully.