Respecting privacy is a prerequisite for stable, secure and competitive global trade.
In Greek mythology, Argus Panoptes was an ever watchful giant with a hundred eyes to boot. Even when asleep, some of his eyes would be awake watching on-goings around him.
Jeremy Bentham, the 18th century philosopher, borrowing from this myth, designed a prison called the Panopticon, that was structured in such a way that a single guard at the centre could observe all the prisoners.
The prisoners wouldn’t know whether they were being watched, or not, as the guard could look in any direction. This made the prisoners to “behave” all the time. Bentham’s Ponopticon has been replicated in different shapes in the digital world.
Digital natives have volunteered their personal data to tech giants such as Facebook and Google, which keep track of their activities. These firms are accumulating big data from customers, which they sell for marketing and other purposes.
With digital civilisation, there is unprecedented access to data. This is certainly a revolution, not a passing cloud. Application of machine learning and artificial intelligence (AI) has created big data analytics that is unlocking the value of this big data.
Industrial revolution improved humanity’s standard of living, but brought new problems such as pollution. In similar fashion, the data revolution is enriching people’s lives, but has its banes, as the Facebook and Cambridge Anaytica fiasco has recently demonstrated.
The Economist recently vouched data to be the new oil that will give rise to a new economy. Indeed, big-data analytics and data-driven businesses have become embedded in countless new products and services. The Internet and digitisation of goods and services have further transformed the global economy.
In a globalised world, transfer of data, including personal data, across national borders is part of the operations of companies. AI is facilitating accumulation of derived data for business ends. To this end, personal data has fallen victim.
Consumers have historically placed confidence in data companies to protect their personal data. These companies, on diverse times, have breached this trust. Instead, they have employed this data, however personal, as an asset to create monopolies and generate income. They have turned privacy into a commodity.
Yet, privacy is not a commodity to be traded. Respecting privacy is a prerequisite for stable, secure and competitive global trade. As trade exchanges rely on personal data flows, privacy and security have become a key factor of consumer trust.
Protection of personal data is non-negotiable. Various countries have been enacting data protection legislation in response to the growing demand for stronger data security and privacy protection.
Gladly, there seems to be a trend towards convergence on data protection principles. On May this year, the General Data Protection Regulation (GDPR), the EU law on data protection, will come into force.
This law is a grand response to growing concern that consumers are losing control of their personal data and privacy to businesses that are increasingly engaging in data analytics to gain a competitive edge.
It can be argued the GDPR provisions meet the mark as international customary law on data protection. It heralds a mutiny to the old order of data protection, by detailing broad mechanisms of protecting information identifiable with individual to an individual.
Some of the protected information, as per GDPR, includes search-engine entries, employee authentication, payment transactions, closed-circuit-television footage, and visitor logs, among others.
It is immaterial whether such data is structured or unstructured, or it’s medium. It will be a requirement for a company processing data of an EU citizen to adhere accordingly.
The companies that will be most affected are Internet service providers, airlines, mobile phone service providers, banks, international couriers and numerous service providers, and related businesses. These often deal with clients across national and virtual borders. The extra-territorial application of GDPR will require them to comply.
GDPR’s protective mechanism requires companies to inform their customers that they are storing and, or processing personal data, why they are holding that data, how long they plan to hold it and the interest the company has in the data.
Equally, it creates one data protection authority that will be responsible for supervision of cross-border data processing operations carried out by a company in the EU.
In addition, GDPR introduces stringent consent requirements, data-subject rights, and obligations on organisations that gather, control, and process data.
Some unique rights, such as the right to be forgotten (also right of data erasure), right to data portability, right to revoke consent, and right to restrict processing, are introduced.
Entities handling personal data are required to report data breaches likely to result in high risk to individuals’ rights and freedoms to the authorities within 72 hours, and subsequently to the data subjects as well in certain cases.
The fines for failure to comply will be high, as much as four per cent of annual worldwide revenues. Individuals are also allowed to seek civil actions (including class-action lawsuits) against entities that violate their data-protection rights.
The effectiveness of GDPR regulatory approach is yet to be seen. In the age of advanced data analytics, which by nature require lots of digital information, giving people notice that their data is being collected, and then asking for consent for it to be used may be an uphill task.
It may result into unintended consequences of stifling innovation, especially for digital start-ups.
Kenya is yet to formulate a coherent law on data protection. There is a Data Protection Bill 2015, which needs to be updated with emerging trends, such as borrowing some elements from GDPR.
The country has so far been casual in handling personal data. Many companies are taking and holding even biometric information, yet there is no regulatory mechanism to govern privacy and remedy in cases of breach. The enactment of data protection laws needs to be expedited.
PAYE Tax Calculator
Note: The results are not exact but very close to the actual.
