New Data Regulations Allow Kenyans To Exclude Personal Data From National Database

KENYA ID

Kenyans now have a right to say which of their personal data is captured in the country’s database and which is not. From now on, Kenyans who object to having their data processed will fill a request form restricting or objecting to the processing of their information.

A civil registration entity shall seek consent from a data subject for processing of personal data at the time the personal data is collected,” says the Data Protection Civil Registration Regulations, 2020. 

Here Is All You Need To Know

  • According to the new regulations, Kenyans who opt to have their personal data excluded from the National Information Integrated System (NIIMS) and the Huduma Namba registration will have to write to the government giving reasons why they object.
  • The new regulations were published by the country’s Ministry of Information, Communication and Technology.
  • The new rules say that government will have to seek consent from the public before collecting personal data.

“A civil registration entity shall…collect personal data which it is permitted to collect by the data subject, undertake steps to ensure the quality of personal data and undertake processes to secure personal data,” the regulations say.

Read also: Drone Operations In Kenya To Get Tough Regulations Soon

  • The regulations are one of two sets of draft legislation introduced by the ministries of ICT and Interior that seek to correct flaws in the Huduma Namba registration conducted last year that was halted by a court challenge from civil rights organisations.

Screenshot of the Countries + Risk database portal hosted by the Global Risk Information Platform (GRIP).The blue dots identify countries that have national/regional loss and damaged databases. Source: http://www.gripweb.org/gripweb/?q=countries- risk-information
  • The Registration of Persons (National Integrated Identity Management System) Regulations, 2020, on the other hand, give the scope and objectives of the NIIMS database, Huduma Namba and Huduma Card.
  • Once enrolled into NIIMS, the country’s residents will have the option of registering for the Huduma Card under one of four categories; minors above the age of six, adults above 16 years, foreigners and refugees.

For purposes of establishing proof of identity, the presentation of the Huduma Card or Huduma Namba authenticated by biometrics shall constitute sufficient proof,” the regulations say.

  • The High Court of Kenya last month said there was need for a clear regulatory framework to address the possibility of exclusion in NIIMS before the Huduma Namba registration programme kicked off.

“An inadequate legislative framework for the protection and security of the data is clearly a limitation to the right to privacy in light of the risks it invites for unauthorised access and other data breaches,” ruled a three-judge bench.

  • In the case, the State was hard-pressed to explain the necessity of spending Sh6 billion on a fresh registration process without enacting the data protection law as had been advised by experts in the public and private sectors.
  • Anand Venkatanatayanan, an expert witness in the case, said centralisation of personal data would be a threat, inviting cyber-criminals and hackers to attempt to access valuable data sets on citizens.

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer.
He could be contacted at udohrapulu@gmail.com