A few days ago, the online community was abuzz with complaints following a discovery that some Kenyans had been registered as members of various political parties without their consent.
The malicious registration was first noted by Twitter User Kiruti back in the day when he reported that he had been registered on two occasions without his approval: in 2012 and 2017.
The matter escalated when another Twitter user Echenze raised the matter on his page. Later, it emerged that the registrations were not an isolated case, which prompted an outroar from the public.
The office of the Data Commissioner, which was established exactly one year ago did not say anything about the concerns at that time. Later, the ORPP section was removed from the ecitizen platform.
Now, the Data Commissioner, Ms. Immaculate Kassait has issued a statement about the whole fiasco.
Kassait says that her office received more than 200 complaints of 24th June from the affected parties.
Later, her office held a meeting with the ORPP to ‘establish the status and resolve that the names of the complainants are deregistered by political parties.’
Furthermore, Ms. Kassait says that her office will continue engaging with ORPP and other data controllers and processors to ensure compliance with the Data Protection Act, 2020.
“The Office of the Data Protection Commissioner acknowledges those who have already taken action to exercise their rights under the Act, by filing a complaint form, the Office calls for patience from those aggrieved and assures the public that the Office is taking steps to ensure that the rights of data subjects pursuant to the Act are respected and protected,” reads a statement from the Data Commissioner.
Basically, those who have been affected will need to file a complaint form and wait for their names to be expunged from whatever political party they found themselves in.
And that will take a while.
The statement also appears to give the ORPP a pass for the massive data misuse. It does not state whether it will take any action for the breach, not does it highlight whether the Office of the Data Commissioner will look into the matter.
The statement also fails to assure the public that the ORPP will not do the same thing in the future.
Lastly, political parties, and the ORPP as a whole, have not issued any statement as to why legal action should not be taken against them for their part in the breach.