[kictanet] Day 2- Policy and Regulatory Framework on Privacy and Data Protection

Thu Aug 23 18:12:17 EAT 2018

Listers,

When talking about the rights of data subjects can we then discuss the 
list of exemptions.

Lets take the example of processing personal data for research (section 
53) - why is it that a data subject should not have the right to be 
removed (forgotten) from this research data-set.

Assume for a minute that this research person/institution has a very 
relaxed level of data security/handling and the dataset including all 
the raw non-anonymized data of each data-subject is lost (maybe 
repeatedly). It seems a bit strange that you should not have any rights 
as a data-subject in cases where you loose confidence in a 
data-processor - just because they are exempt.

All the exemptions may also be misused as loopholes for non-compliance - 
"oh all that data we have over here - we keep that for research purposes".

Kind regards
Michael Pedersen

On 23/08/2018 07:37, kanini mutemi via kictanet wrote:
> *Day 2- Rights of Data Subjects *
>
> Good morning Listers,
>
> Day 1 we commented on the principles of data protection mentioned in 
> the draft policy and bill. Today, we will look at the rights of data 
> subjects. For demonstration purpose, when you fill in your details at 
> a mobile money agent’s shop–
> /                  You- data subject /
> /                  The mobile money agent- data processor /
>
> The data subject is the person to whom the data concerns.
>
> Here are the rights as listed in Clause 23 of the Bill. I have added 
> comments underneath to help us visualise what these rights would mean 
> in the future.
> *1. The right to be informed of the use to which the personal data is 
> to be put*
> Eg. When we leave our details at the entrance to buildings, I expect 
> that they will explain what the data will be used for.
>
> *2. Right to access their personal data in custody of data controller*
> Will we be able to demand from our mobile network operators to see our 
> account details and transactional history?
>
> *3. Object to the collection or processing of all or part of their 
> personal data*
> Will we be able to opt out of the biometric ID registration proposed 
> by the Ministry of ICT here 
> <https://www.businessdailyafrica.com/economy/Biometric-IDs-listing-set-for-this-year-after-secret-tender/3946234-4694828-v50ngv/index.html>?
>
> *4. Correction and deletion of false or misleading data *
> Are we ready for a right to be forgotten? Should it be absolute?
>
> What do we think of these Listers? Are there other rights that ought 
> to be included?
>
> 1.
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/michael%40pluspeople.dk
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180823/654bb447/attachment.htm>