A taskforce established to review Kenya’s draft data protection regulations Tuesday started a three-day virtual public participation.
At the same time, the deadline for the submission of comments on the said regulations has been extended to May 11, 2021.
The taskforce, headed by Data Protection Commissioner Immaculate Kassait, will spend three days — between Tuesday and Thursday — on public participation.
The forum sets the stage for stakeholders and public consultations by gathering their views on three sets of data protection regulations currently under consideration.
They include Data Protection (General) Regulations, 2021, Data Protection (Compliance and Enforcement) Regulations, 2021 as well as Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021.
“Your participation is key towards the realisation of the Data Protection (General) Regulations, 2021,” said the taskforce.
The taskforce was established on January 15, 2021 by ICT Cabinet Secretary Joe Mucheru to operationalise the Act and to report to the ministry in six months.
The team was to undertake a comprehensive audit of the Data Protection Act, 2019 — a law which protects the personal information of individuals — as well as to identify any gaps or inconsistencies in the law and the Data Protection Policy and propose specific review requirements.
It was also to propose any new policy, legal and institutional framework that may be required to implement the data law, develop the Data Protection (General) Regulations and train stakeholders and the public on the said regulations and undertake public consultation on the regulations and any other activities required for the effective discharge of the task force’s mandate.
Already, stakeholder consultations on the draft regulations are underway where issues such as review of the data localisation requirements, cross boarder transfer of personal data, duration of renewal of the certificate of registration and reduction of the registration fees have been raised.
This is in addition to automation of the process of the data commissioner, clarification and simplification of the complaints handling procedures as well as harmonisation of the commercial use of personal data with existing legislations.
After the virtual public forum, the stage will be set for consideration of the stakeholders’ comments followed by consultation with committees of National Assembly, gazettement of the regulations, public awareness on the regulations and development of sector specific regulations.
The draft regulations came after the establishment of the Office of the Data Protection Commissioner in November 2020 pursuant to the Data Protection Act, 2019 to regulate the processing of personal data as well as ensure that the processing of personal data of is guided by the principles set out in Section 25 of the Act.
This is in addition to protecting the privacy of individuals, establish the legal and institutional mechanism to protect personal data and provide data subjects with rights and remedies to protect their personal information from any form of processing that is not in accordance with the Act.