“I have nothing to hide” was once the standard response to surveillance programs utilising cameras, border checks, and casual questioning by the boys in blue.
Privacy was a concept generally respected in many countries with a few changes to rules and regulations often made only in the name of the common good. Things have changed, and not for the better. Why, you ask?
Everything from our web browsing to mobile devices and the Internet of Things (IoT) products installed in our homes have the intrinsic potential to erode our privacy and personal security, and it is not possible to depend on vendors or ever-changing surveillance rules to keep them intact.
Having “nothing to hide” doesn’t cut it anymore, it is no longer a valid response. We must all do whatever we can to safeguard our personal privacy not only from agencies and companies but also from each other. In Kenya, the data protection act’s purpose is to protect individuals’ rights and interests. It applies to data controllers and data processors processing data about data subjects in Kenya.
The Data Protection Act in Kenya is closely modeled after the EU’s GDPR, using many of the same provisions, requirements, and definitions as its European counterpart. For instance, it requires end-user consent before any processing or transferring of personal data to third parties may take place. This act made Kenya one of the first countries in Africa to have a comprehensive data privacy law.
So where does this loop in the Kenyan government? “Following enactment of the Data Protection Act, 2019, certain categories of data which are of strategic importance to the country must be processed in Kenya or a copy must be kept in Kenya. The Commission is therefore keen to work with relevant institutions such as Konza Technopolis Development Authority (KoTDA) to ensure that data is safely processed and kept within the country” said Immaculate Kassait, assuring Kenyans that their data is safe.
Further, the Data Commissioner stated that the Data Protection Act, 2019 recognises the need to build on human capacity in data protection and called on institutions to invest in data protection professionals as the field is very demanding and bears great potential.
Some of the rights the Data Protection Act Kenya provide data subjects with include the right to be informed about data tracking; the right to access data; to erasure and rectification of data; to opt-out of tracking; to data portability, and not to be subject to automated decision-making.
With the enactment of the law, the safety of Kenyans’ personal data whether within the hands of the government or not, seems to have a bright future, one that firms up the understanding, that privacy is a fundamental right.