The successful report launch by the Centre for Intellectual Property and Information Technology on the use of Biometrics technology for elections was well attended with key players in the ICT sphere. The event began with opening remarks from the Dr. Isaac Rutenberg, Director of CIPIT followed by presentations on the findings on the investigations by Francis Monyango and Robert Muthuri both from CIPIT. This was followed by presentations by John Walubengo, Mr. Fernando, Sharon Bosire, IEBC representative and lastly, Senator Halake.
The report found that Kenyan voters remain exposed to personal data abuse so long as there lacks appropriate legislative and enforcement issues. The full report can be found here.
John Walubengo, an ICT expert shed more light on the General Data Protection Regulations (GDPR). The presentation focused on defining who a data collector is as per the GDPR while giving emphasis on the rights and obligations of the data collectors and data subjects. The concept of data minimization as a principle of data privacy emerged in explaining the rights of data subjects one of them being the right to have only relevant and not excessive data of the subjects collected. In terms of security of data, developers of products that use personal data were advised on the importance of not only securing data but demonstrating to users that their data is secure.
With regards to data controllers who in this case are the developers, certain obligations were highlighted. They include: breach notification, obtaining the necessary consents before using data, territoriality of data and lastly, the issue of penalties with regards to not fulfilling obligations was highlighted.
Sharon Bosire the Legal Officer at Communication Authority, brought to the attention of the attendees, the legal framework currently in existence in Kenya that addresses issues of data privacy; the Kenya Information Communication Act (KICA), 2009 and the KICA (Consumer Protection) Regulations, 2010. The CA representative was brought to task to explain why the authority did not have a portal for complaints on matters of infringement of data privacy during the election similar to the one of NCIC for reporting hate speech during the electioneering period.
Mr. Fernando Wangila, the ICT Director at National Transport and Safety Authority (NTSA) made a presentation on the efforts that the transport authority is making to ensure that the citizens’ data is secure given the introduction on the smart driving licenses that replaces the manual process of obtaining licenses. The presentation pointed to a belief that the illegalities that mar the vehicle registration and insuring of motor vehicles in Kenya will be cured through the use of online services and such efforts can only be bolstered by a secure data base that is free from manipulation. In this presentation, the aspect of integrity on the part of the authority’s officials was emphasized as a key ingredient to ensure that such databases remain accurate and trustworthy. One of the ways mentioned that would prevent illegal activities is the Transport Integrated Management System(TIMS) platform by NTSA where one can obtain digital log books, for online transfer of motor vehicles and for registration of vehicles.
The IEBC Representative gave an overview of how the IEBC systems work and the security measures that it has taken up. He sought to set the record straight with regards to security measures that IEBC has taken up to secure that citizens’ data is secure. The importance of accuracy of data that is inputted in systems was well emphasised, pointing out that inaccurate data would inadvertently affect the smooth operation of elections as was witnessed in the last elections.
Senator Halake, the Vice- Chair of the ICT Committee gave suggestions on how to tackle the data privacy issue form a legislative and enforcement point. In terms of legislation, she advised the academic sector such as CIPIT as well as other stakeholders such as KICTANET to come up with draft laws on Data Protection and Cybersecurity and submit them to the ICT committee for consideration. She emphasized that such contributions would be more practical as compared to expecting the legislature to come up with draft laws that are consistently requiring amendments due to challenges such as lack of well researched laws. In enforcement, she called for a reduction in the number of authorities being created to oversee implementation of various legislations. In this case, she applauded the recommendation in the report to allocate the role of Data Protection Authorities as is in other jurisdictions to the Office of the Ombudsman in Kenya. Lastly, she warned against adopting the provisions of the GDPR into our national legislation and called for coming up with legislation that serves our unique needs as GDPR serves the EU needs. In legislating, she pointed out the importance of striking a balance between encouraging innovation using data and protection of data of Kenyan citizens as she cautioned against too much legislation that would end up stifling innovation.