In this section, you can access the different parts of our guide for policy engagement on data protection “The Keys to Data Protection”. The guide is intended to help organisations and individuals improve their understanding of data protection, by providing a framework to analyse the various provisions which are commonly presented in a data protection law.
The guide was developed from Privacy International’s experience and expertise on international principles and standards applicable to the protection of privacy and personal data, and our leadership and research on modern technologies and data processing.
Part 1 introduces data protection: what it is, how it works and why it is essential for the exercise of the right to privacy.
While data protection laws vary from country to country, there are some commonalities and minimum requirements, underpinned by data protection principles and standards which tend to be reflected in the structure and content of relevant legislation. Each part of the report presents these, including:
Part 8 provides some additional resources on data protection, and outlines opportunities for organisations to engage on data protection.
Much of our engagement on data protection for the last decade has been undertaken through our work with our partners in the Privacy International Network. We would like to take the opportunity to acknowledge their incredible efforts to promote and advocate for the adoption of data protection laws across the world.
Please reach out to Privacy Internation on email if you have any feedback on the guide via: email@example.com
This report covers an eventful period in the history of defending human rights defenders in Kenya. The country went through general elections in the year and characteristically, the divisive campaigns contaminated the operational environment of the country’s CSOs and HRDs. The work of the NCHRD K was therefore very much linked to the elections. Subsequently, the advocacy and protection programmes of the NCHRD K asserted the centrality of HRD actors as election monitors, repositioning the place of human rights defenders in the election process. Activities through the year emphasized the protection of conducive environment for the work of HRDs as well as the protection of individual HRDs most at risk.
During the year, NCHRD-K put in place a comprehensive programme to manage risks to human rights defenders in the country. Together with partners, the NCHRD-K built an early warning scenario building and strategy group that regularly assessed risks for human rights monitors. Response interventions were then designed within informed parameters. The NCHRD-K deployed about 102 monitors from all the 47 counties and HRD groups at risk such as sexual minority groups, journalists, bloggers and indigenous peoples to take part in monitoring the elections. Wherever risks to the monitors were reported, the NCHRD-K took rapid measures to manage them. The reports of the monitors were publicly shared with duty bearers who came under pressure to respond to things requiring their attention in line with commitments reached in the partnership built with the NCHRD K in the preparatory meetings leading to the process.
The NCHRD-K built a strong, secure and effective team of country wide monitors, equipped through a comprehensive training program to monitor, document and report on human rights violations during Elections 2017. As a result, there were robust human rights based monitors in the elections team in the particular process. In part, the high-quality information and reports of HRD monitors involved in the elections were critical in ensuing electoral petition following the announcement of the presidential election results. Aspects of the observation endorsed the Supreme Court decision to cancel the results for irregularities and illegalities noted in the process. Significantly, observation of human rights in the election process became part of the ventilations in the petitions in which HRDs directly took part. The success attained in monitoring the elections is discussed further in this report.
Going by the incidence reports to NCHRD K, risks faced by individual HRDs and organizations increased in the reporting year. The NCHRD-K working with its partners, particularly the Protection Working Group and the Human Rights Defenders Working Group managed to better clarify the priorities and build a coherent program to respond to the environment. As such, the mandate of the organization to carry out protection of HRDs at risk was conducted with remarkable success, even as human rights faced a tempestuous moment in the backdrop of the elections.
ACCESS THE FULL REPORT HERE: https://hrdcoalition.org/wp-content/uploads/2018/10/NCHRD-K-Annual-Report-2017-.pdf
The State of Privacy in Kenya is the result of an ongoing collaboration by Privacy International and the National Coalition of Human Rights Defenders – Kenya.
Key Privacy Facts
1. Constitutional privacy protections: Article 31 of the Kenyan Constitution specifically protects the right to privacy.
2. Data protection law: Kenya does not currently have specific data protection legislation. However, a Data Protection bill was tabled in Parliament in 2015.
3. Data protection agency: Kenya does not have a specific data protection authority.
4. Recent scandals: Kenyan and international civil society groups report high levels of extrajudicial surveillance.
5. ID regime: The Integrated Population Registration System (IPRS) collects data from a dozen databases held by various government agencies.
Article 31 of the Constitution specifically protects the right to privacy. It states:
“Every person has the right to privacy, which includes the right not to have—
(a) their person, home or property searched;
(b) their possessions seized;
(c) information relating to their family or private affairs unnecessarily required or revealed; or
(d) the privacy of their communications infringed.”
Furthermore, Article 2 states that Kenya’s international obligations, such as its commitment to the Universal Declaration of Human Rights and International Covenant on Civil and Political Rights, which include privacy rights, are part of Kenyan domestic law. It states:
“(5) The general rules of international law shall form part of the law of Kenya.
(6) Any treaty or convention ratified by Kenya shall form part of the law of Kenya under this Constitution.”
Kenya is a signatory to or has ratified a number of international conventions with privacy implications, including:
The Communications Authority of Kenya (CA) regulates the telecommunications industry and collects statistics on the sector. Mobile penetration was recorded at 86.2 % in March 2017, with 39.1 million mobile subscriptions. There were an estimated 40.59 million internet users in Kenya in March 2017, representing an internet penetration rate of 89.4% according to the CA.
Social media is widely used in Kenya. Kenya is reported to have over 5 million active daily Facebook users, and 693,000 confirmed active users on Twitter, according to a study by Ogilvy, an advertising and public relations firm.
The Kenya Information and Communications Act (2009), penalises the unlawful interception of communications by service providers. Article 31 states:
“A licensed telecommunication operator who otherwise than in the course of his business—
(a) intercepts a message sent through a licensed telecommunication system; or
(b) discloses to any person the contents of a message intercepted under paragraph ; or
(c) discloses to any person the contents of any statement or account specifying the telecommunication services provided by means of that statement or account, commits an offence and shall be liable on conviction to a fine not exceeding three hundred thousand shillings or, to imprisonment for a term not exceeding three years, or to both.”
Article 83 states:
“(1) Subject to subsection (3), any person who by any means knowingly:—
(a) secures access to any computer system for the purpose of obtaining, directly or indirectly, any computer service;
(b) intercepts or causes to be intercepted, directly or indirectly, any function of, or any data within a computer system, shall commit an offence.”
Article 93 (1) states:
“No information with respect to any particular business which—
(a) has been obtained under or by virtue of the provisions of this Act; and
(b) relates to the private affairs of any individual or to any particular business,
shall, during the lifetime of that individual or so long as that business continues to be carried on be disclosed by the Commission or by any other person without the consent of that individual or the person for the time being carrying on that business.”
Read the full report here: https://privacyinternational.org/node/1005