[kictanet] Day 2- Policy and Regulatory Framework on Privacy and Data Protection

Michael Pedersen michael at pluspeople.dk
Thu Aug 23 18:12:17 EAT 2018


When talking about the rights of data subjects can we then discuss the 
list of exemptions.

Lets take the example of processing personal data for research (section 
53) - why is it that a data subject should not have the right to be 
removed (forgotten) from this research data-set.

Assume for a minute that this research person/institution has a very 
relaxed level of data security/handling and the dataset including all 
the raw non-anonymized data of each data-subject is lost (maybe 
repeatedly). It seems a bit strange that you should not have any rights 
as a data-subject in cases where you loose confidence in a 
data-processor - just because they are exempt.

All the exemptions may also be misused as loopholes for non-compliance - 
"oh all that data we have over here - we keep that for research purposes".

Kind regards
Michael Pedersen

On 23/08/2018 07:37, kanini mutemi via kictanet wrote:
> *Day 2- Rights of Data Subjects *
> Good morning Listers,
> Day 1 we commented on the principles of data protection mentioned in 
> the draft policy and bill. Today, we will look at the rights of data 
> subjects. For demonstration purpose, when you fill in your details at 
> a mobile money agent’s shop–
> /                  You- data subject /
> /                  The mobile money agent- data processor /
> The data subject is the person to whom the data concerns.
> Here are the rights as listed in Clause 23 of the Bill. I have added 
> comments underneath to help us visualise what these rights would mean 
> in the future.
> *1. The right to be informed of the use to which the personal data is 
> to be put*
> Eg. When we leave our details at the entrance to buildings, I expect 
> that they will explain what the data will be used for.
> *2. Right to access their personal data in custody of data controller*
> Will we be able to demand from our mobile network operators to see our 
> account details and transactional history?
> *3. Object to the collection or processing of all or part of their 
> personal data*
> Will we be able to opt out of the biometric ID registration proposed 
> by the Ministry of ICT here 
> <https://www.businessdailyafrica.com/economy/Biometric-IDs-listing-set-for-this-year-after-secret-tender/3946234-4694828-v50ngv/index.html>?
> *4. Correction and deletion of false or misleading data *
> Are we ready for a right to be forgotten? Should it be absolute?
> What do we think of these Listers? Are there other rights that ought 
> to be included?
> 1.
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/michael%40pluspeople.dk
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180823/654bb447/attachment.htm>

More information about the KICTANet mailing list