- In jurisdictions like Kenya where there are no strict privacy laws, it is usually up to the service providers’ goodwill to vet what data they will use and what they cannot use.
- Data is “non-rivalrous” hence it can be copied and used by more than one entity at a time.
- The Kenyan data protection Bill has provisions for mandatory data sharing with government agencies.
Silicon Valley giants tend to have the advantage of using data collected from customers in exchange for ‘free’ services such as email and social media. They use this data to attract more customers who generate more data that is used in improving services, which attracts more customers. Behind this phenomena is a lot of behavioural economics, big data analysis and ad targeting.
Most of these data usually comes from personal communication devices, hence within the ambit of privacy laws and regulations in the nations where they are registered.
In jurisdictions like Kenya where there are no strict privacy laws, it is usually up to the service providers’ goodwill to vet what data they will use and what they cannot use.
While it may appear to be a win-win situation because people don’t pay for access to online platforms, a data subject ought to have more say in how their personal information is being used. Many internet corporates have turned subscribers into data mines, which raises many ethical and legal questions.
First, there is the constitutional right to privacy. This is enshrined in Article 31 of the Constitution, which protects the privacy of one’s communications from being infringed. The Data Protection Bill is for an act that will give effect to Article 31 while regulating the processing and use of personal data.
The European Union laws on the right to privacy are really strict and they give more power to the data subject on their data unlike the US laws, which are lax. A perusal of the draft Kenyan data law shows that service providers will still have a lot discretion, pertaining the use of personal data as they will be required to only notify the data subject.
Secondly, data is “non-rivalrous” hence it can be copied and used by more than one entity at a time. This means that data can easily be used for other purposes than those agreed between the data subject and data controller (service provider).
Thirdly, the Kenyan data protection Bill has provisions for mandatory data sharing with government agencies. This is not unheard of as nations such as Germany have laws that require insurers to jointly maintain data on issues such as car accidents that smaller firms cannot compile on their own.