During the government’s initial campaign for Huduma Namba registration, the NIIMs database that should reportedly hone the delivery of services to Kenyans, it was reported that President Kenyatta had approved the progressive draft of the Data Protection Bill, 2018. The sentiment has since been echoed by the ICT CS Joe Mucheru, who referred to the proposal as progressive.
Before the Bill was taken to the Senate by Senator Gideon Moi and Parliament by Hon. William Kipsang’, the state had no single piece of data protection proposals or legislation. The matter continues to evoke data privacy concerns in a state where corporations and private businesses are not subject to stringent data protection rules, effectively making it challenging to protect people from misuse of their private information.
At the moment, statutory protection of peoples’ personal information is only exercised via different pieces of legislation put forth by different sectors of the ICT industry.
According to The Standard, CS Mucheru, who appeared before the Senate Committee on ICT to give his insights about the Bill lauded its provisions, which include the need for agencies that collect personal data to adhere to defined steps that target airtight protection from misuse, as well as ensuring integrity of the information in their possessions.
Should the Bill be signed to law, then the rampant and unlawful access and processing of personal data will be prosecuted. Unauthorized access has been an issue for an extended period, especially in current times when marketing of services and products has gone a notch high, marked by a series of marketing messages that users did not subscribe for.
According to Mucheru, the Bill, which has a privacy clause as well, ‘is in line with the development agenda we have as a country of becoming a digital nation. If passed into law, it will assist us to use technology to enhance the quality of life of Kenyans.’
Furthermore, the Senate meeting highlighted the need for an independent body to oversee the data collection process in place of a commission. Lastly, it was also mentioned that the Bill should have a clause for the establishment and running of a register for people and organizations processing personal data to make room for robust oversight.