[kictanet] Day 5: Policy and Regulatory Framework on Privacy and Data Protection- Offences and Remedies
Martha Muriuki
marthamuriuki at gmail.com
Tue Aug 28 20:14:42 EAT 2018
Good evening listers,
I think the model should be based on the fundamentals; that anyone holding
personal data should know that it will hurt significantly if the data goes
to unintended parties or is used for unintended purpose. Whether the data
processor is ' small' or ' large' fact is the data held is personal and
should be handled as per the agreed terms when this information was
provided.
My preference though should be applied based on revenue but there should be
a minimum amount or jail term for penalties. I think this would keep data
processors in check.
Regards,
Martha Muriuki
Skype: marthamuriuki
On Tue, Aug 28, 2018 at 12:18 PM Mercy Njue via kictanet <
kictanet at lists.kictanet.or.ke> wrote:
> The penalties are too static for the market. They might be crippling to an
> SME but pocket change to a big firm. This will also translate to more small
> firms complying since the amounts are too steep and the big firms complying
> as they seem fit. Instead, I think it should lean towards the GDPR
> penalties where the penalties are pegged on Gross revenue.
>
> Regarding "Knowingly supplying false information to the data commissioner
> during registration as a data controller or processor " Its a double
> sword. There are some who do this to protect their identity since the
> purpose of the data collected is unclear. Or because we don't know if they
> will sell the details to the highest bidders in the dark web.
>
>
>
> --
> Mercy Njue
> Founder Botlab
>
> Botlab Physical Address: Ngong hills Hotel along Ngong road, 5th Floor
> Office line: +254 700 915197
> Mobile: +254 729758 701
> Email: Mercy at botlab.biz
> *Endless possibilities :* www.botlab.biz
>
>
>
> *"* What we are is God's gift to us. What we become is our gift to God. -
> Eleanor Powell
>
>
> On Tue, Aug 28, 2018 at 9:48 AM Grace Bomu via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Offences are public in nature and their prosecution and sentencing is
>> carried out through the criminal justice system. Remedies on the other hand
>> may be considered from a civil lens and examples include damages,
>> restitution, coercive (injunctions) and declaratory remedies. They are
>> personal and their aim is to give justice to the injured person. A trend
>> with newer laws is the provision of both offences and remedies. In the
>> copyright law for example, in addition to criminal offences, one can
>> recover profits from pirated material.
>> Back to our bill, the following offences are created:
>>
>> *Offence *
>>
>> *Penalty *
>>
>> Knowingly supplying false information to the data commissioner during
>> registration as a data controller or processor ( clause 15 (3))
>>
>> General penalty under clause 59:
>>
>> 5 million shillings fine or 5 years imprisonment or both
>>
>> plus
>>
>> possible forfeiture of equipment and prohibition order
>>
>> Data controller or processor failing to notify the data commissioner
>> about a change in particulars (clause 16 (7))
>>
>> General penalty
>>
>> unlawful processing of personal data (clause 27)
>>
>> 5 million shillings fine or 5 years imprisonment
>>
>> Unlawful processing of sensitive personal data (part v)
>>
>> 5 million shillings fine or 5 years imprisonment
>>
>> Refusing to comply with a notice from the data commissioner or knowingly
>> furnishing the commissioner with false information during investigations
>> (clause 52(3))
>>
>> General penalty
>>
>> Disclosure of personal data by controller against specified purpose
>> (clause 58 (1))
>>
>> General penalty
>>
>> Disclosure of personal data by processor without authority of controller
>> (clause 58 (2))
>>
>> General penalty
>>
>> Obtaining personal data without prior authority of controller or
>> processor (clause 58 (3)(a))
>>
>> General penalty
>>
>> Disclosure to a third party (clause 58 (3) (b))
>>
>> General penalty
>>
>> Offer (advertisement) to sell personal data obtained through unlawful
>> disclosure ((clause 58 (4))
>>
>> General penalty
>>
>> The bill has taken the criminal law track and has not provided remedies
>> targeting persons injured by contravention of the bill. It does however
>> create a complaints mechanism where the public can lodge complaints with
>> the data commissioner. The powers of the commissioner in addressing such
>> complaints are limited to issuing notices.(and we shall be discussing more
>> about the office powers of the data commissioner in due course)
>>
>> Our discussion today is on the question of choosing the offences route as
>> opposed or in addition to the civil route. What are our thoughts on this?
>> Should we have borrowed the pro-rated model of the GDPR where
>> controllers/processors are charged administrative fines according to their
>> revenue?
>> And when we come to offences, are they adequate? Should the magnitude of
>> the offence be measured against the size of the data processor or are all
>> sins equal despite might of the transgressor?
>>
>> Listers, please share your views on these issues. As usual, we welcome
>> identification of good and problematic clauses. Welcome to the discussion.
>>
>> --
>> Grace Mutung'u
>> Skype: gracebomu
>> @Bomu
>> PGP ID : 0x33A3450F
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> Domain Registration sponsored by www.eacdirectory.co.ke
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/mkawira2010%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/marthamuriuki%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180828/2cc7d9d6/attachment.htm>
More information about the KICTANet
mailing list