How Data is Governed

  • CIPIT
  • |  
  • October 31, 2023
  • |
International Data Transfer Principles in Kenya

International Data Transfer Principles in Kenya

Project description

The research project sought to establish a clear framework for conducting lawful international personal data transfers (IPDTs) under the existing provisions of the Kenya Data Protection Act (DPA). Section 48(b) DPA states that transfers of personal data outside Kenya are permitted only where the data controller or data processor has given proof to the Data Commissioner of the appropriate safeguards with respect to the security and protection of personal data, and with respect to jurisdictions with commensurate data protection laws. However, the Kenyan data protection framework fails to enumerate the metrics for determining the adequacy or proportionality of a foreign jurisdiction’s data protection laws in relation to the DPA.

Importance of project

The inadequate nature of the current IPDT framework under the Kenyan DPA enables organizations to flagrantly conduct cross border data transfers without concern for their data subjects and the possible violation of their privacy-related rights in foreign jurisdictions. The rationale for the implementation of an IPDT regulation arises from the realisation that it is pointless to establish a framework to protect personal data if those protections could be effectively circumvented by simply moving the data of the people it was designed to protect to another jurisdiction. The policy brief proposes an evaluation criterion that shall be relied upon by the ODPC when determining the adequacy or proportionality of a foreign jurisdiction’s data protection laws in relation to the DPA.

Research methodology

This study determined principles that are necessary to evaluate the proportionality of a foreign jurisdiction’s data protection framework by conducting a comparative and situational analysis of the DPA and the EU GDPR and its supplemental guidelines (Article 29 Data Protection Working Party Adequacy Referential Guidelines) on cross border data transfers.

Main findings

The policy brief outlines 13 principles that need to be present within a foreign jurisdiction’s data protection framework in order to be considered ‘adequate’ to the Kenyan DPA and its subsequent regulations. The principles can be categorised into Content Principles and Procedural and Enforcement principles.

Data Governance in Africa

Data Governance in Africa

The aim of the Data Governance Resource Centre (DGRC) is to contribute to the body of evidence available for those influencing policy in data protection, data bias, open data, & other issues pertaining to data governance with a focus on issues relevant to the Global South, in particular Africa. In response to this overarching aim the DGRC has embarked on a Data Governance Principles Project that will provide introductory and background information on what Data Governance is in the global context as well as in Africa. The research collates studies on data governance that have already been conducted, as well as provide understanding of data governance from both theory and practice by engaging with stakeholders within data governance on the continent.

As a result of the mapping and engagement with Stakeholders the DGRC visually represents the Regulators across the continent that provide for the regulation of both personal and other data. These regulators include Data Protection Regulations and Other Regulators tasked with regulating the provision of electronic communication services and products, sets standards for the ICT sector and protecting the rights and interests of consumers, service providers, suppliers, and manufacturers. This stakeholder map can be used to analysed and understand which regulators are involved in and responsible for the governance of data, development of policies for the governance of data and handling of complaints in relation to the governance of data.

Understanding Cybersecurity and Data Protection in Mauritius, Kenya, and Zimbabwe

Understanding Cybersecurity and Data Protection in Mauritius, Kenya, and Zimbabwe

Summary

Data governance relies heavily on security. However, due to a lack of precise definitions in legislation, there is frequent confusion between data protection and cybersecurity. These two topics are misunderstood and confused due to a lack of understanding of how to approach them effectively. As a result, because the approach is derived from the comprehension, it typically varies significantly from country to country.

Over time, legal policies and frameworks have lagged behind technological advances, especially in cybersecurity and data protection. Long-term, this could create legislative gaps regarding data governance and emerging technologies. This study examined the cybersecurity and data protection laws in Mauritius, Kenya, and Zimbabwe in an effort to comprehend their perspectives on cybersecurity and cybercrime, as well as the reasons for their disparities. It identified current issues at the intersection of cybersecurity and data protection in the studied countries and evaluated their cybersecurity and data protection approaches.


 Understanding Cybersecurity and Data Protection in Mauritius, Kenya, and Zimbabwe

Understanding the Law in Upholding Image Rights: Perspectives from Around the World and Kenya.

Summary

How well do you understand your image rights and the best way to protect your image rights? Read our latest research on understanding your image rights. This report gives a diversified understanding of global and local perspectives on the protections offered to image rights and how to exercise and protect your image in the ever-evolving digital world.

IMAGE RIGHTS - Release Form Information Pack Introduction

Brief description

This comprehensive info pack offers an essential guide to understanding and using image rights release forms effectively. Learn about image rights release forms, including what they are, why they are important, how to use them, and common mistakes to avoid. The info pack includes a variety of resources, including sample image rights release forms and tips for drafting and negotiating image rights release agreements.