[kictanet] Day 4: Policy and Regulatory Framework on Privacy and Data Protection- Data Controllers and Processors

Mercy Njue mkawira2010 at gmail.com
Tue Aug 28 11:37:19 EAT 2018


Regarding sensitive data, there is need to increase the scope to Mobile
number, ID, Email, and postal addresses. Using someones number, you can
retrive a lot of meta data about the person. Using an email, you can
retrieve a lot of metadata that you wouldn't have had access to physically.
There is a lot of fraud happening, including identity theft that use your
ID, Number or email. So they need to be included as part of sensitive data.

Another key thing is increasing the jurisdiction to cover  Kenyans no
matter where they are. A lot of Kenyans are transacting online, which
increases the level at which their data is saved and used for and against
them. It's important that they are notified and agree or disagree with the
service provider and not be held hostage to not using the service if they
do not agree. And the purpose to which their data is used for.

Regards,
-- 
Mercy Njue
Founder Botlab

Botlab Physical Address: Ngong hills Hotel along Ngong road, 5th Floor
Office line: +254 700 915197
Email: Mercy at botlab.biz
*Endless possibilities :* www.botlab.biz



*"* What we are is God's gift to us. What we become is our gift to God. -
Eleanor Powell


On Tue, Aug 28, 2018 at 11:00 AM Grace Bomu via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> @Michael, on the issue of transfers outside Kenya, I foresee the need for
> international agreement on what constitutes basic data protection.
> Otherwise, some data processors will be able to build different products
> for different jurisdictions while those who cannot will be limited in how
> they can expand.
> To balance the question of platform as a service with @Muraya's comments
> on building the local data economy, maybe we need more evidence to
> determine what our local capacity is. In addition, the policy needed to
> rope in other stakeholders who are important for data protection, including
> the power sector (KPLC etc), academia on skills gaps and KEBS et al on
> standards, just to mention but a few.
> I hear you on the lack of incentive on notification and note this under
> the discussion on offences as one way to remedy this wold be to create an
> offence of not notifying in case of a breach.
>
>
> Il giorno mar 28 ago 2018 alle ore 00:58 Michael Pedersen via kictanet <
> kictanet at lists.kictanet.or.ke> ha scritto:
>
>> Listers,
>>
>> Regarding part IV of the draft I have noted the following points.
>>
>> *1. Transfers outside Kenya.*
>>
>> Very many (if not most) Kenyan websites/systems are hosted
>> internationally, AWS, Rackspace, and all the usual suspects are widely
>> used. As a result very often personal data is currently transfered
>> internationally.
>>
>> My issue here is what constitutes "proff" that a foreign nation have
>> "adequate" data protection laws? My first thought on this issue is that
>> Europe due to GDPR would be considered "adequate", whereas United States
>> would NOT be considered having "adequate" laws.
>>
>> If this is the case/correct interpretation then this law will have a
>> significant cost (money and time) for all the ones currently hosting in US
>> who have to migrate their setup.
>>
>>
>> *2. Platform as a service*
>>
>> In situations where your system is build on a global company's "platform
>> as a service" (Google being the prime example) you have very little control
>> of "where" the personal data is "transfered" - as Google have caching
>> servers almost everywhere, essentially the data would/could be copied all
>> over the globe.
>>
>> The limitation on international transfers - does it in-effect kill
>> innovations that utilize global infrastructure such as this ?
>>
>>
>> *3. Lack of incentive for notification*
>>
>> As I have mentioned elsewhere I think it is great that any breach that
>> should happen requires that the affected person(s) be notified. However I
>> feel that the draft very much creates no incentive for data-processors to
>> actually full-fill this requirement - In-fact the way I read it it is very
>> very tempting for processors who are subject to a breach to keep very quiet
>> (i.e. they are committing an offence if they are subject to a breach - so
>> better make sure no-one ever finds out that you lost some data).
>>
>>
>> Kind regards
>> Michael Pedersen
>>
>>
>>
>> On 27/08/2018 08:30, Grace Bomu via kictanet wrote:
>>
>>
>> General obligations for controllers and processors are listed in part IV
>> and they include upholding the principles of data protection, protecting
>> the rights of the data subject, duty to notify the subject about processing
>> and breaches, acquisition of consent and security safeguards as regards
>> personal data. It would be interesting to hear from data controllers and
>> processors, views on:
>>
>> Welcome to the discussion. Please point out any issues in the bill that
>> are either very good and should be retained or problematic and should be
>> improved. Tujadiliane.
>>
>>
>>
>> --
>> Grace Mutung'u
>> Skype: gracebomu
>> @Bomu
>> PGP ID : 0x33A3450F
>>
>>
>>
>> _______________________________________________
>> kictanet mailing listkictanet at lists.kictanet.or.kehttps://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> Domain Registration sponsored by www.eacdirectory.co.ke
>>
>> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/michael%40pluspeople.dk
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> Domain Registration sponsored by www.eacdirectory.co.ke
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
>
> --
> Grace Mutung'u
> Skype: gracebomu
> @Bomu
> PGP ID : 0x33A3450F
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/mkawira2010%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180828/45f4a93b/attachment.htm>


More information about the KICTANet mailing list