Insights from the Kenyan International Data Privacy Day

Insights from the Kenyan International Data Privacy Day

International Data privacy day is an annual celebration commemorated on 28th January to recognize and create awareness about the importance of respecting privacy and safeguarding data. It is a day originally launched by the Council of Europe in 2006 marking the date on which the Council of Europe’s data protection convention, Convention 108, was opened for signature. On this date, governments, parliaments, national data protection bodies, and other actors carry out activities to raise awareness about the rights to personal data protection and privacy. 1

Through the Office of the Data Protection Commissioner (ODPC), Kenya commemorated the day by hosting a two-day (26th and 27th) Data Privacy conference themed, ‘Promoting Data Protection in a Digitally Transformed Economy. ’at the Kenya International Convention Centre (KICC). The two-day conference was aimed at giving government agencies a chance to contribute towards discussions surrounding the theme with respect to data protection and the role the government and government agencies have played in the data protection sphere thus far. The 2-day conference was preceded by a full day of open public webinars and discussions with different stakeholders discussing data protection in the digital money industry, the rights of data subjects, and how to exercise them.

Highlights from the 2-day Conference.

The remarks of the CS of the Ministry of Information Communication Technology Hon. Eliud Owalo, Data Commissioner Hon. Immaculate Kassait, and H.E President Dr. William Ruto who respectively opened the 2-day conference informed key aspects of the conference. The president also officially launched the Data Protection System for the registration of Data Controllers and processors that was set up in June 2022 giving effect to the Data Protection Regulations (Registration of Controllers and Processors) 2021.

The Data Commissioner in her opening remarks on the first day noted the importance of commemorating the day and the importance of data protection and highlighted milestones of the ODPC since its operationalization, the milestones included,

    • The development of a strategic plan and regulations, issuance of guidance notes, and the automated registration process through the ERP system. The complaints system was successfully set up and the office has so far issued 2 enforcement notices, one penalty notice, and 2 determinations on complaints, as well as developed an alternative dispute resolution framework.

    • With respect to compliance, the ODPC has prepared advisories for different institutions and developed a data protection training curriculum

    • At the international level, joining the Global Privacy Assembly (GPA), the ODPC also became a member of the African Network of Data Protection Authorities and the Common Trade Network.

    • The Data Commissioner noted that the office continues to raise awareness and has held over 50 sensitization workshops.

Moving forward, the office looks forward to the creation of sector-specific guidelines in the agricultural sector, health sector, education sector, and fintech, continuing conducting data protection training and awareness creation, and becoming a member of Convention 108. She further noted that data protection is not here to stifle innovation but to increase investment and enhance the digital economy and improve employment all the while upholding a culture of data protection in a secure ecosystem making Kenya lucrative for investment. She further encouraged the continued registration of Data controllers and processors across all sectors.

The CS Ministry of ICT in his opening remarks also reiterated the importance of the data protection day as a chance to reflect on any existing gaps in safeguarding data and an opportunity for the government to reflect on how it can continue to provide seamless government services while also complying with the Data Protection Act (DPA). He also noted,

    • The government’s commitment to digitize all government services with the aim of improving service delivery to all and eliminating the traditional red tape of government bureaucracy while ensuring all data is secure and remains private.

    • The protection of the right to privacy as a fundamental human right.

    • There is a delicate balance on how to align the two perspectives of the DPA and Access to Information Act as every citizen has the right to access any information

    • The government’s plan in digitizing all government records and government services. In the next 6 months with the relevant ICT infrastructure in place, the government will have on boarded onto the E- citizen platform a total of 5000 services as it transitions to a paperless government.

    • An Integral component of data protection is cyber security, the ministry is open to ideas from stakeholders as to how the digitization of services can be anchored on regulatory frameworks that do not compromise cyber security and data protection

    • There is a need to create an environment that promotes data protection in light of the National economic blueprint that makes the digital superhighway a priority.

    • Significant socioeconomic opportunities that digital technologies bring i.e. robotics AI, Big data, and quantum computing will aid in the participation in the 4th Industrial Revolution. Emerging technologies go hand in hand with the need for capacity building and upscaling of skills for the youth. Leveraging technological platform upscaling helps them contribute towards the digital economy and achieve the goals of being a middle-income economy.

    • The Ministry is also committed to building the infrastructure for technology by putting in place a legislative policy framework that will encourage investment in the ICT sector. Initiatives in place to strengthen the digital economy through education, skill, and training, the establishment of innovation hubs for the development of skills and talent, and the incubation of start-ups

    • Internet access is integral to all these initiatives the ministry of ICT will soon be able to roll out 100000 km of fiber optic cable to parts of the county that have not been effectively enabled by ICT infrastructure.

    • The ministry also intends to set up 2500 free Wi-Fi hotspots as the government embarks on the digitalization of government services. This will lower the cost of data and ensure members of the public can have free internet access.

    • Further, the Ministry intends to set up 1450 village digital hubs in each ward in the country to enable the youth to acquire digital skills and leverage the potential of digital jobs.

    • The Ministry will ensure that it works hand in hand with all relevant stakeholders in the industry especially the private sector in supporting its project of rolling out the 100000 km of fiber optic cables and the establishment of the digital hotspots.

    • The Ministry will also embark on restructuring the operations of the postal corporation of Kenya by leveraging on technology as it will play an integral part in e-commerce, along with the Kenya News Agency and the Kenya Broadcasting Corporation.

Advisories to look forward to:

    • On data protection and Agriculture, the ODPC will issue an advisory to safeguard personal data during the registration of farmers to ensure the government issues subsidies for fertilizers and other agricultural products. The government has already embarked on the process of registering farmers.

    • On Data Protection and data transforming MSMEs, the ODPC will also issue an advisory to financial and telecommunication institutions involved in the roll-out of the hustler fund to ensure that the processing of loans is in full compliance with the DPA.

    • On Data Protection and health, Universal health care is a thematic area, the government aims to have a digitally integrated and fully enabled health management system and ensure that health data is not compromised. The ODPC will issue an advisory to the NHIF, health facilities, and medical insurance companies to ensure the protection of data during processing and storage. When it comes to storage the government already has a fully-fledged data storage center at the Konza Metropolis and encourages ministries, government departments, and the private sector to consider storing their data in a secure place.

    • On Data Protection and building the digital superhighway and the creative economy, the office of the ODPC will issue an advisory to all government agencies undertaking digitization of government services to ensure automation of services is undertaken within the provision of the DPA.

    • On Data localization, the ODPC will play a critical role in enhancing national security, especially in data localization, the ODPC will issue guidelines on data localization that align with the protection of national security.

The President in his remarks acknowledged and reiterated the importance of Data Protection as the country grows in the 4th Industrial revolution, acknowledging the reforms that have been brought about by technology. He further noted,

    • The need to develop the capacity to derive maximum benefits from leveraging technology as well as the risks of internet connectivity such as breach of data, and the duty of the government to deploy services that will protect, entrepreneurs against the threats present in the digital economy.

    • Data protection must serve the greater interest of the public by ensuring that there is sufficient information for effective and efficient delivery of public goods and services all the while ensuring criminal elements do not hide under data protection

    • With respect to cyber security, the government has an obligation to defend national sovereignty and protect Society cyber-terrorist and online criminals. This must however not be used as an excuse to jeopardize the fundamental rights and freedoms as it relates to access to information this aspect is important to stakeholders.

    • The importance of being conscious of the limits is the constitutionally recognized limits to freedom of expression Freedom of Information and the right to privacy as well as the state’s authority in respect to all these and areas where there must be a balance. there must be a balance.

    • For Kenya to realize the maximum potential of the digital superhighway, there must be a clear data management regime that is rational, effective and promotes efficiency, and it has to promote the digital economy agenda.

    • In line with building the digital economy, the government is also committed to expanding the digital superhighway by making internet access from all corners of the country

    • Accessibility to the internet will enable transactions with the government and promote creation and innovation in the digital space further promoting the freedom of expression and the safeguarding of intellectual property rights.

    • The government continues to make heavy investments in ICT infrastructure. Over the last two weeks, the government has set up six submarine fiber optic cables offering broadband connectivity Over 9,000 km of terrestrial fiber optic connecting nearly all County headquarters with geographical broadband coverage of 56% and mobile broadband penetration of 96%.

    • The government is also working on the finishing touches on the policy and infrastructural framework that will switch on a historic explosion of productivity and competitiveness in the digital economy and in our entire Kenyan economy.

    • The government is also committed to ensuring within the next six months 5,000 government services are made available in the digital space. Already just to put it 300 government services have been made available with the numbers doubling to 600 in the last two weeks.

    • The Ministry of ICT is mandated to work on digital identity, ensuring that by the end of the year, Kenyans are able to identify themselves digitally as it is not the work of the government to issue IDs but to Identify Kenyans.

    • Further, The CS together with the Attorney General to ensure Kenya concludes the process of domesticating the African Union Convention on Cyber Security and Personal Data to align with the rest of the Continent.

Overall the government and the ODPC made various commitments with regard to promoting Data Protection, especially with the digitalization of government services and the call to establish digital IDs once again. Throughout this year stakeholders in the data sphere will be keeping a keen eye on the fulfillment of these commitments more so with regard to, building the ICT infrastructure, internet access, and the development of sector-specific guidelines.

Things to watch out for in 2023:

    • Expansion of the digital superhighway by making internet access from all corners of the country as indicated in the presidential remarks. Keen on this will be looking at what budgetary allocations will be given for the growth of the ICT infrastructure especially internet connectivity through the National Optic Fiber Backbone (NOFBI).

    • New ICT policies in consideration of the commitments and directives from both the president and Ministry of ICT on improving the policy and infrastructural framework that will switch on a historic explosion of productivity and competitiveness in the digital economy and in our entire Kenyan economy.

    • Implications of moving government services fully to digital space in consideration of already existing gaps in internet access and overall accessibility to marginalized communities.

    • The re-introduction of Digital ID. With the existence of the Data Protection Act and operationalization of the office of the ODPC, will the government be keen on ensuring all relevant processes statutory and otherwise have been conducted? Will the exercise require a new data collection exercise? What happens to the already collected data?

    • Ratification of the African Union Convention on Cyber Security and Personal Data (Malabo Convention). Kenya already enacted data protection and cyber security legislation. Will domesticating the convention be a step further in aligning data protection and cyber security laws regionally? Or has the convention been surpassed by time?


imgae is from  Hubspot

1 Data Protection Day (Council of Europe) <>

Leave a Comment

Your email address will not be published. Required fields are marked