The Public Service Commission invited Kenyans to apply for the post of Data Commissioner in accordance with the Data Protection Act, 2019.
Last year Kenya made important advances towards adopting a comprehensive Data Protection law by releasing a draft Data Protection Act. This was signed by President Uhuru Kenyatta which established the requirements for the protection of personal data of Kenyan residents.
This year, Kenya advertised the position of Data Protection Commissioner through the Public Service Commission in accordance with the provisions of Section 6(2) of the Data Protection Act. The Commission, which is no longer accepting applications, invited suitably qualified Kenyans to consider the position.
Some of the duties and responsibilities of the role include:
- overseeing implementation of and being responsible for enforcement of the Data Protection Act
- establishing and maintaining a register of data controllers and data processors
- exercising oversight on data processing operations and verify whether the processing of data is done in accordance with this Act
- promoting self-regulation among data controllers and data processors
- conducting assessment for the purpose of ascertaining whether information is processed according to the provisions of the Act or any other relevant law.
Some parts of the Commissioner’s responsibilities show similarities to the UK’s Data Protection (Charges and Information) Regulations 2018, for example, maintaining a register of all data controllers and data processors in Kenya. However, In the UK every organisation that controls the processing of personal data is required to register with the Information Commissioner’s Office, unless the processing that they carry out is exempt. In Kenya, data processors and data controllers must register with the Commissioner but in the UK, only data controllers are required to register.
In January 2020, Privacy International published an analysis of Kenya’s Data Protection Act. In their report, the Kenyan Government were commended for making the necessary initial steps to protecting privacy and ensuring “effective and good democratic governance.”
In their lengthy report, PI examined each section and scrutinised their shortcomings in an attempt to encourage further work to be done that would allow for an airtight legislation. In relation to Section 5&6 – The Establishment of the Office and Appointment of Data Protection Commissioner, PI argued that,
“The establishment of the office of the data commissioner as a body corporate does not grant this office with the necessary institutional and financial independence to execute its mandate effectively under the new law. In order to ensure the necessary independence and effectiveness of the Office it should be Statutory Commission which would be preferred to a State Office.”
Regardless, the appointment of a Data Commissioner will allow for a fuller operationalisation of the obligations of the Data Protection Act.
The appointment has not yet been confirmed.
The post #Privacy: Kenya makes further steps towards data privacy appeared first on PrivSec Report.