Last weekend, an accident on Lang’ata road exposed the weaknesses in Kenya’s Data Privacy matters with those who collect it not safeguarding it from third parties.
In the accident which was reported in local media with conflicting details about the person involved in the accident, details emerged from a National Transport and Safety Authority (NTSA) generated form which had all the particulars of the car owner.
While it later emerged that the driver was not the owner of the car, the swift availability of the owner’s details show that Kenya’s data protection is not being taken seriously – and can easily be abused. It is no wonder, then, that people keep receiving calls and texts from scammers who seem to know their targets well.
Read: Why You Could Sue NTSA and Win
According to the police, the driver of the saloon car hit several trees before landing on a perimeter fence opposite Sunshine Secondary School in the accident that occurred at about 7.24 am.
Langata Sub-County Deputy Commander Jason Samburumo said the driver lost control of the vehicle which was being driven from the Mbagathi Roundabout.
Data Privacy Laws
In Kenya, there is no law relating to data privacy and protection and the closest the country has come in regard to this law was a January court ruling in which the was ordered to ensure that such a law is in place before proceeding with the Huduma Number registration.
Amnesty notes that the Data Protection Commissioner and the Regulations are yet to be developed and gazetted.
“It is important that the Act be fully be in force and the Commissioner in office before the government continues with the NIIMS roll-out. Amnesty calls on the Government to comply with the court directive by tabling in Parliament a human-rights compliant ‘stand-alone’ Huduma Bill to provide a clear regulatory framework for NIIMS. The Huduma Bill must be reviewed for compliance with the Data Protection Act and international human rights standards,” notes a statement issued after the court ruling.
Also see: How a SIM-card Registration Threatens Your Privacy
The rights body points out that the NIIMS allows the government to collect a huge range of biometric data of all Kenyan citizens and foreign nationals on an unprecedented scale.
This, the body argues, poses a huge risk to the right to privacy of citizens and foreign nationals living in the country and as well as Kenyan nationals around the world.
“Amnesty International is increasingly concerned that the misuse or breaching of these biometric identifiers by the government agencies, corporate bodies or criminal elements could be used for invasive surveillance, profiling and identity theft.”
With the data of the car owner release after the Lang’ata Road accident last week, it goes to show that government bodies which have lots of citizens’ biodata have not put in place measures to ensure that the information available regarding individuals is not misused.
Breach of Data Privacy
In this case, the owner of the vehicle was identified not by the police but by those who could access the data from NTSA.
This, then, raises the question of why such info would be availed to a third party not investigating the case-in this case the police.
At what cost does NTSA avail such information to third parties?
While it may sound like good business for the NTSA, such leakage of data could have adverse effects on the owners and to the Authority itself in case something went awry.
It is now an even more urgent need that Kenyans can have data protection laws which could insulate them from crooks and clout chasers.
Misguiding article: We have a Data Protection Act assented by the President late last year https://www.google.com/url?sa=t&source=web&rct=j&url=http://kenyalaw.org/kl/fileadmin/pdfdownloads/Acts/2019/TheDataProtectionAct__No24of2019.pdf&ved=2ahUKEwjs7qXn1dvnAhVGxoUKHa04BogQFjAEegQIBRAB&usg=AOvVaw0lrdPQpkSoZjo_8bYxmNvl
You do realise that this is the same law that was under scrutiny when the courts ruled against the Huduma number registration practices, right? It was a ‘backdated’ kind of thing to suit the push for the registration. That basically nullifies what you say is in existence.
Also, see this: https://twitter.com/NCS_Kenya/status/1229671190777802752/photo/1