[kictanet] Day 5: Policy and Regulatory Framework on Privacy and Data Protection- Offences and Remedies

Tue Aug 28 10:17:39 EAT 2018

Good morning,

The size of the data processor should have an effect on the magnitude of
the fines. Although all offences are equal , all penalties can't be the
same ,otherwise it would be an academic exercise  really. Of say, an
individual offender were fined large amounts ,then basically the option
would be a jail term by default for many non-wealthy persons.

On Tue, Aug 28, 2018, 9:56 AM Grace Bomu via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Offences are public in nature and their prosecution and sentencing is
> carried out through the criminal justice system. Remedies on the other hand
> may be considered from a civil lens and examples include damages,
> restitution, coercive (injunctions) and declaratory remedies. They are
> personal and their aim is to give justice to the injured person. A trend
> with newer laws is the provision of both offences and remedies.  In the
> copyright law for example, in addition to criminal offences,  one can
> recover profits from pirated material.
> Back to our bill, the following offences are created:
>
> *Offence *
>
> *Penalty *
>
> Knowingly supplying false information to the data commissioner during
> registration as a data controller or processor ( clause 15 (3))
>
> General penalty under clause 59:
>
> 5 million shillings fine or 5 years imprisonment or both
>
> plus
>
> possible forfeiture of equipment and prohibition order
>
> Data controller or processor failing to notify the data commissioner about
> a change in particulars (clause 16 (7))
>
> General penalty
>
> unlawful  processing of personal data (clause 27)
>
> 5 million shillings fine or 5 years imprisonment
>
> Unlawful processing of sensitive personal data (part v)
>
> 5 million shillings fine or 5 years imprisonment
>
> Refusing to comply with a notice from the data commissioner or knowingly
> furnishing the commissioner with false information during investigations
> (clause 52(3))
>
> General penalty
>
> Disclosure of personal data by controller against specified purpose
> (clause 58 (1))
>
> General penalty
>
> Disclosure of personal data by processor without authority of controller
> (clause 58 (2))
>
> General penalty
>
> Obtaining personal data without prior authority of controller or processor
> (clause 58 (3)(a))
>
> General penalty
>
> Disclosure to a third party (clause 58 (3) (b))
>
> General penalty
>
> Offer (advertisement) to sell personal data obtained through unlawful
> disclosure ((clause 58 (4))
>
> General penalty
>
> The bill has taken the criminal law track and has not provided remedies
> targeting persons injured by contravention of the bill. It does however
> create a complaints mechanism where the public can lodge complaints with
> the data commissioner. The powers of the commissioner in addressing such
> complaints are limited to issuing notices.(and we shall be discussing more
> about the office powers of the data commissioner in due course)
>
> Our discussion today is on the question of choosing the offences route as
> opposed or in addition to the civil route. What are our thoughts on this?
> Should we have borrowed the pro-rated model of the GDPR where
> controllers/processors are charged administrative fines according to their
> revenue?
> And when we come to offences, are they adequate? Should the magnitude of
> the offence be measured against the size of the data processor or are all
> sins equal despite might of the transgressor?
>
> Listers, please share your views on these issues. As usual, we welcome
> identification of good and problematic clauses. Welcome to the discussion.
>
> --
> Grace Mutung'u
> Skype: gracebomu
> @Bomu
> PGP ID : 0x33A3450F
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/jeffersonanyega%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180828/1320f01f/attachment.htm>