[kictanet] Day 7: Policy and Regulatory Framework on Privacy and Data Protection- Exemptions

Grace Bomu nmutungu at gmail.com
Thu Aug 30 08:03:25 EAT 2018

Good morning listers,
Today we look at other issues in the draft bill that we missed during the

One is the question of exemptions, which are provided for in part vii. The
grounds listed for exemption from the provisions of the Act are: national
security and public order concerns, lawful disclosure, prevention of
crimes, apprehension or prosecution of an offender and assessment or
collection of tax. Interestingly, the draft empowers the cabinet secretary
to determine national security and public order concerns. (clause 47(3))

Journalism, literature and the arts are also exempted from the principles
of data protection. Where a publication is in public interest, the
publisher is only required to comply with the relevant code of ethics.
Processing and further processing for research, history and statistical
purposes is also exempted from the principle of collecting data for a
specified purpose. Although the proposed law gives a safeguard through the
principle that data must eventually be destroyed, it does not give
guidelines on time periods - it states that research data may not be kept
indefinitely. Again, the CS is empowered to prescribe further instances
when data may be exempted from provisions of the law (clause 50)

Finally listers, there are general exemptions in clause 2 of the bill. The
law will not apply to sharing of information among government departments/
public sector agencies or to processing by an individual for purely
personal business (this is the personal phonebook exemption)

Part of public reaction to this draft was that the bill gives with one hand
and takes away with the other. Is this an exaggerated view and if so, how
can this be cured in the draft? Are there other ways of dealing with the
concerns raised in the exemptions (eg national security) without taking
away data subject rights? Ultimately, should any data processor/controller
be exempt from protecting data?
Also, are there other useful exemptions that we are missing?

Please share your thoughts on this issue and any other issue from the draft

Grace Mutung'u
Skype: gracebomu
PGP ID : 0x33A3450F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180830/2629e12f/attachment.htm>

More information about the KICTANet mailing list