A laptop showing the Facebook logo is held alongside a Cambridge
Analytica sign at the entrance to the building housing the offices of
Cambridge Analytica, in central London. AFP PHOTO | NMG
The Cambridge Analytica case puts to the fore data privacy and
protection laws in Kenya. The consultancy is alleged to have collected
data from about 50 million Facebook users without consent so as to build
behavioural models based on voter patterns.
The firm has been linked with involvement in the recent US and Kenyan elections.
It is appalling to imagine your social media data can be used and shared with a third party without your consent.
However,
this is still commonplace in the cyber world. For example, when you
download an app there is a consent form that may appear seeking
authority to access and share your google search or other social media
data.
The app cannot be accessed until you agree to the terms and
conditions. Therefore, data access and sharing are permissible if the
consumer gives consent such as what happens when downloading some apps.
The
app developer is at liberty to share your data with third parties such
as advertisers and this is what happens when you begin to receive
targeted advertising on your phone and e-mails.
This
may not be entirely illegal if you gave your consent. However, if no
consent was given then such unauthorised data access and sharing is
unlawful.
Kenya has limited laws on data access and
sharing. One of the laws is the Constitution, Article 31 (d) which
states privacy in communication should not be infringed.
This
means that where privacy is shared without authority then not only is
it unlawful it is also unconstitutional. This may be the reason that
telecommunications companies such as Safaricom do not share data with
customers.
It is unlikely that you will get data from
your own line, without a court order. The reason is simple, your line
also contains data from other persons who have a right to have their
privacy protected.
I have seen some apps and software
that enable the user to access information from a third party device.
Such software and apps are actually illegal if a strict interpretation
of the law is to be applied.
The other legislation on
data privacy includes the Kenya Information and Communications law on
consumer protection, which states that a licensed provider cannot share
consumer data without prior authority or consent.
There
are some new ICT laws set for enactment and it is my desire for them to
be passed as soon as possible to put Kenya at par with global
regulations and best practices.
Vision 2030 and other
policies have highlighted ICT as a pillar of development. We, therefore,
need to enhance our regulatory environment in line with this.
The
Computer and Cybercrimes Bill is one such proposed law, which in my
view, will be very useful in taming some cybercrimes. For example,
Section 12 of this Bill criminalises false publications and fake news.
Cyberbullying is also provided for under the proposed law. Cyber
espionage is also criminalised.
Similarly, there is a
Data Protection Bill 2012 which legislates on issues to do with data
protection. The Bill should adequately deal with data privacy issues.
However,
there are challenges with such a law as highlighted in a United Nations
Conference on Trade and Development paper on data protection.
These
challenges include new technology update, jurisdictional issues and
enforcement such as in the case of Cambridge Analytica. How would a
Kenyan affected by this case recover from the latter considering the
cross-border aspect and the differences in laws? It would be a complex
legal issue involving several laws.
No comments :
Post a Comment