[kictanet] Day 6: Policy and Regulatory Framework on Privacy and Data Protection- Institutional Framework

Grace Bomu nmutungu at gmail.com
Wed Aug 29 08:20:55 EAT 2018

Good morning listers,
The office of the data protection commissioner (DPC) is established as a
state office and is expected to be independent. The DPC will however be
appointed by the Cabinet Secretary, ICT. To qualify for the office, one
needs to have extensive knowledge in data science, law, IT and related
fields and meet requirements on leadership and integrity(Chapter six of the
The functions of the DPC include: oversight and enforcement of the Act;
registration of data processors and controllers; control over data
processing activities; promotion of self regulation of actors;
investigation of complaints; creation of awareness on the Act; ensure
compliance with international obligations; research and related functions
from other laws.

Powers of the DPC include: investigations; obtain professional assistance
if need be; facilitate alternative dispute resolution; issue witness
summons; request for information from persons governed by the bill.
Further, the DPC may request for data audits (clause 20); appointment of
guardian for child online services (clause 29)

Apart from the usual sources of funds (allocation by Parliament, donations,
grants etc) the bill also states that the office of DPC may be funded by
funds accrued in performance of its functions.

Some public fears on creation of yet another public body are based on
concerns about funding the body, an expectation that registration will mean
paying for licences and that there is not sufficient capacity in the
country to oversee data protection. The bill however only proposes that DPC
issues certificates and does not mention registration fees.

To guide our discussion today, questions include:

   1. Are the functions and powers of the DPC adequate to implement the
   law? Are there any overboard provisions?
   2.  Considering that the government is a major data processor and
   controller, is the office of the DPC as structured in the bill sufficiently

As usual, please point out any good or problematic clauses.
Welcome to the discussion

Grace Mutung'u
Skype: gracebomu
PGP ID : 0x33A3450F

Grace Mutung'u
Skype: gracebomu
PGP ID : 0x33A3450F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180829/5dda9b21/attachment.htm>

More information about the KICTANet mailing list