Mixed response to Kenya's data protection law
Mixed response to Kenya's data protection law
After being signed into law by President Uhuru Kenyatta, the Data Protection and Privacy Act 2019 has received a muted response from the public and from companies that hold citizen data.
However, some multinationals, such as Microsoft, are still evaluating the implications of the new law and its impact on how to deal with customer data.
The newly introduced legislation lays down legal consequences of illegally processing personal information by both individuals and companies.
Industry experts believe there needs to be clarity on how the law will be implemented.
Advocacy group Article19 stated: "We also note that the Data Protection Act (2019) fails to provide clarity regarding the constitution of the ODPC (Office of the Data Protection Commission). We reiterate that the ODPC should operate as an independent constitutional commission, under Article 59 (4) of the Constitution of Kenya, 2010, and not as a State agency, in order to be free from undue political, administrative or commercial pressure, and to fulfil its specified purpose(s)."
The Group also warned of the implications for media professionals and the protection of sources.
"Journalists may find themselves facing criminal investigations where it is determined that the disclosure of personal data in an article, especially public figures, does not meet the public interest test."
Geoffrey Mathare, Finance Lead for Enterprise Business for Microsoft North, West, East & Southern Africa, Levant & Pakistan countries, said, "We are still trying to understand the full implications, I might not comment on it now ... (but) it is our responsibility as an organisation to come up with solution that is compliant with the law."
He added that Microsoft is fully compliant with GDPR and the company believes a lot the newly introduced legislation and that which is still going to emerge is based-and will be based on the GDPR template.