[kictanet] Day 5: Policy and Regulatory Framework on Privacy and Data Protection- Offences and Remedies

Michael Pedersen michael at pluspeople.dk
Tue Aug 28 13:10:24 EAT 2018 

Listers,

Could it be that the administrative overhead & the associated penalties 
depended on the amount of people's personal data you hold ?

I.e. if you hold less than 10000 people's data you might be a "small 
data processor", if you hold between 10000 and 100000 peoples data you 
would be medium and above you would be a large processor... And the 
requirements would be scaled accordingly.

..

Mike


On 08/28/2018 01:02 PM, Grace Bomu via kictanet wrote:
> Thank you for your contributions so far.
> @Hannington, thank you for bringing in the issue of proportionality of 
> remedies. While at the moment our economy is much smaller, don't you 
> think we shall keep growing? Also, how can we cure the fact that there 
> is a mix of both very small and very big players in our scene?
> @Mercy and Jefferson, your comments on pro-rating penalties are noted.
>  I would love to get your comments on remedies for the data subjects. 
> How can the law provide some justice for victims of breaches?
>
>
>
> Il giorno mar 28 ago 2018 alle ore 12:13 Hannington Oduor via kictanet 
> <kictanet at lists.kictanet.or.ke <mailto:kictanet at lists.kictanet.or.ke>> 
> ha scritto:
>
>     The GDPR model may not fit well in our context, reason, the
>     economy factored in that model are much bigger hence remedies  to
>     the victim/ injured would be likewise, a copy paste here would
>     create a scenario where the injury is epic but inversely
>     propositional to the punishment.
>
>     On Tue, Aug 28, 2018 at 9:36 AM Grace Bomu via kictanet
>     <kictanet at lists.kictanet.or.ke
>     <mailto:kictanet at lists.kictanet.or.ke>> wrote:
>
>         Offences are public in nature and their prosecution and
>         sentencing is carried out through the criminal justice system.
>         Remedies on the other hand may be considered from a civil lens
>         and examples include damages, restitution, coercive
>         (injunctions) and declaratory remedies. They are personal and
>         their aim is to give justice to the injured person. A trend
>         with newer laws is the provision of both offences and
>         remedies.  In the copyright law for example, in addition to
>         criminal offences,  one can recover profits from pirated
>         material.
>         Back to our bill, the following offences are created:
>
>         *Offence *
>
>         	
>
>         *Penalty *
>
>         Knowingly supplying false information to the data commissioner
>         during registration as a data controller or processor ( clause
>         15 (3))
>
>         	
>
>         General penalty under clause 59:
>
>         5 million shillings fine or 5 years imprisonment or both
>
>         plus
>
>         possible forfeiture of equipment and prohibition order
>
>         Data controller or processor failing to notify the data
>         commissioner about a change in particulars (clause 16 (7))
>
>         	
>
>         General penalty
>
>         unlawful processing of personal data (clause 27)
>
>         	
>
>         5 million shillings fine or 5 years imprisonment
>
>         Unlawful processing of sensitive personal data (part v)
>
>         	
>
>         5 million shillings fine or 5 years imprisonment
>
>         Refusing to comply with a notice from the data commissioner or
>         knowingly furnishing the commissioner with false information
>         during investigations (clause 52(3))
>
>         	
>
>         General penalty
>
>         Disclosure of personal data by controller against specified
>         purpose (clause 58 (1))
>
>         	
>
>         General penalty
>
>         Disclosure of personal data by processor without authority of
>         controller (clause 58 (2))
>
>         	
>
>         General penalty
>
>         Obtaining personal data without prior authority of controller
>         or processor (clause 58 (3)(a))
>
>         	
>
>         General penalty
>
>         Disclosure to a third party (clause 58 (3) (b))
>
>         	
>
>         General penalty
>
>         Offer (advertisement) to sell personal data obtained through
>         unlawful disclosure ((clause 58 (4))
>
>         	
>
>         General penalty
>
>
>         The bill has taken the criminal law track and has not provided
>         remedies targeting persons injured by contravention of the
>         bill. It does however create a complaints mechanism where the
>         public can lodge complaints with the data commissioner. The
>         powers of the commissioner in addressing such complaints are
>         limited to issuing notices.(and we shall be discussing more
>         about the office powers of the data commissioner in due course)
>
>         Our discussion today is on the question of choosing the
>         offences route as opposed or in addition to the civil route.
>         What are our thoughts on this? Should we have borrowed the
>         pro-rated model of the GDPR where controllers/processors are
>         charged administrative fines according to their revenue?
>         And when we come to offences, are they adequate? Should the
>         magnitude of the offence be measured against the size of the
>         data processor or are all sins equal despite might of the
>         transgressor?
>
>         Listers, please share your views on these issues. As usual, we
>         welcome identification of good and problematic clauses.
>         Welcome to the discussion.
>
>         -- 
>         Grace Mutung'u
>         Skype: gracebomu
>         @Bomu
>         PGP ID : 0x33A3450F
>
>         _______________________________________________
>         kictanet mailing list
>         kictanet at lists.kictanet.or.ke
>         <mailto:kictanet at lists.kictanet.or.ke>
>         https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>         Twitter: http://twitter.com/kictanet
>         Facebook: https://www.facebook.com/KICTANet/
>         Domain Registration sponsored by www.eacdirectory.co.ke
>         <http://www.eacdirectory.co.ke>
>
>         Unsubscribe or change your options at
>         https://lists.kictanet.or.ke/mailman/options/kictanet/hanningtondr%40gmail.com
>
>         The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
>         platform for people and institutions interested and involved
>         in ICT policy and regulation. The network aims to act as a
>         catalyst for reform in the ICT sector in support of the
>         national aim of ICT enabled growth and development.
>
>         KICTANetiquette : Adhere to the same standards of acceptable
>         behaviors online that you follow in real life: respect
>         people's times and bandwidth, share knowledge, don't flame or
>         abuse or personalize, respect privacy, do not spam, do not
>         market your wares or qualifications.
>
>
>
>     -- 
>
>     /*Computer and Cellular Forensic Investigator
>     Cyber Crime Unit
>     CID HQ Nairobi
>     0720-727003
>     _ENCASE II        C.H.F.I_*/
>     _______________________________________________
>     kictanet mailing list
>     kictanet at lists.kictanet.or.ke <mailto:kictanet at lists.kictanet.or.ke>
>     https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>     Twitter: http://twitter.com/kictanet
>     Facebook: https://www.facebook.com/KICTANet/
>     Domain Registration sponsored by www.eacdirectory.co.ke
>     <http://www.eacdirectory.co.ke>
>
>     Unsubscribe or change your options at
>     https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com
>
>     The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
>     platform for people and institutions interested and involved in
>     ICT policy and regulation. The network aims to act as a catalyst
>     for reform in the ICT sector in support of the national aim of ICT
>     enabled growth and development.
>
>     KICTANetiquette : Adhere to the same standards of acceptable
>     behaviors online that you follow in real life: respect people's
>     times and bandwidth, share knowledge, don't flame or abuse or
>     personalize, respect privacy, do not spam, do not market your
>     wares or qualifications.
>
>
>
> -- 
> Grace Mutung'u
> Skype: gracebomu
> @Bomu
> PGP ID : 0x33A3450F
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/michael%40pluspeople.dk
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180828/03bd82be/attachment.htm>

More information about the KICTANet mailing list