Data Protection Bill: Portability section

Posted By KICTANet Admin On 0

KICTANet produced the Memorandum on policy regulatory framework for privacy
and data protection submitted to the task force on Privacy and Data
protection 2018.

Check on the submission section here:
www.kictanet.or.ke/?page_id=40115

When you look at the reporting issue as a business entity, is 30 days good
enough? When creating laws, we must be able to balance interests of
different stakeholders. How many extra resources would a company need to
produce reports in a week? Two weeks? A month? Probably 30 days is a
reasonable period.

On Fri, Jul 5, 2019, 18:39 Rafe Mazer via kictanet <
[email protected]> wrote:

> Also like the point on leaving flexibility in the Law not saying 30 days
> across the entire economy.
>
> Rafe Mazer
> Consumer Protection and Behavioral Research Consultant
> Nairobi, Kenya
> +254 723950645
> @rkmazer
>
> On 5 Jul 2019, at 11:23 AM, Liz Orembo <[email protected]> wrote:
>
> Thank you for starting this discussion Rafe,
>
> I agree 30 days to honor consumer data request could be too long compared
> to Access to Information Act that gives 21 days. Perhaps we should leave it
> for the data protection authorities to set guidelines for different
> industries and probably encourage automated retrieval of personal data by
> the end users.
>
> I am also of the view that data portability cannot be free of charge in
> all circumstances. I get the point that the term ‘reasonable’ may be
> subject to abuse (perfect demonstration is in the presidential elections
> petition), but there is also a cost element to collecting data. Why would a
> company want to transfer it for free to another company? Of course would
> love to hear others opinion on this.
>
>
> On Fri, Jul 5, 2019 at 5:40 PM Rafe Mazer via kictanet <
> [email protected]> wrote:
>
>> Hi KICTA Net members. I’m Rafe Mazer, a consumer protection in digital
>> financial services specialist working in Kenya the past 5 years (and
>> globally on this toic for 10+ years.)
>>
>> I just saw the new Data Protection Bill within the National Assembly (
>> parliament.go.ke/sites/default/files/2019-07/The%20Data%20Protection%20Bill%2C%202019.pdf)
>> and wanted to raise a discussion internally about Section 38 on Data
>> Portability to see if KICTA Net may want to engage further on the topic.
>> Specifically there are two aspects that were concerning:
>>
>> 1. The allowance for 30 days to honor a data subject’s request for
>> information held on them.
>> In a digital economy, this is an excessively long period, and also quite
>> a blunt instrument to apply across the entire economy, where health records
>> are different from government records are different from financial records,
>> etc. This would also kill the utility of portability in spaces like
>> FinTech. Imagine I want to use my economic history with data controllers to
>> get competing mobile loan offers. It could take up to 30 days to share that
>> information, which is not aligned with the near-instant nature of these
>> products and consumers’ expectations on timing. Already the Bill rightly
>> notes portability should only apply where “technically feasible” to exempt
>> low-tech industries or providers, so there is no sense is saying that those
>> who are deemed to be able to comply technically with portability should
>> have up to 30 days to do so. If this language is kept in it will be used to
>> delay–and defacto deny–consumer use of their data for increased choice in
>> digital segments of the economy.
>>
>> Further, since access to information is included in the same section as
>> portability, and they are not explicitly differentiated, you could argue
>> data controllers have not just 30 days to honor a portability request, but
>> to even tell you what data they hold on you the data subject. This is far
>> too long a time to permit for a basic consumer data right. Right now some
>> providers offer financial statements to the data subject much faster than
>> that–in minutes or seconds–but allowing 30 days could encourage setting
>> practices to that standard going forward, reducing consumer access to their
>> own data not improving it.
>>
>> 2. The allowance of a “reasonable fee” to be charged for a portability
>> request could lead to anti-competitive and excessive pricing. “Reasonable”
>> is highly subjective, and we have seen Competition Authority already had to
>> intervene to stop anti-competitive use of wholesale USSD rates in mobile
>> financial services (
>> techweez.com/2017/03/17/cak-wants-safaricom-lower-ussd-charges-mobile-banking/).
>> It is highly likely a “reasonable fee” window would be deployed similarly
>> where beneficial to firms and require ex-post intervention. The original
>> language from the 2018 Bill where this was free of charge seems a much
>> better approach.
>>
>> Curious to hear others’ thoughts or context on this section, and how
>> KICTANet could help to fix this section for the final version of the Bill
>> so we don’t create an anti-innovation and anti-consumer portability regime
>> that will be the law of the land.
>>
>> Thanks for the chance to share and discuss on this platform,
>>
>> Rafe Mazer
>> _______________________________________________
>> kictanet mailing list
>> [email protected]
>> lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at
>> lists.kictanet.or.ke/mailman/options/kictanet/lizorembo%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people’s times and bandwidth,
>> share knowledge, don’t flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
>
> —
>
> Best regards.
> Liz.
>
> PGP ID: 0x1F3488BF
>
> _______________________________________________
> kictanet mailing list
> [email protected]
> lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people’s times and bandwidth,
> share knowledge, don’t flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>

_______________________________________________
kictanet mailing list

KICTANet Admin
KICTANet Admin information

Related Posts

A photo of the 31st KU Culture week
Digital Technology and Us
Cybersecurity Month Celebrations: Bridging the Skills gap in Cybersecurity
Photo of participants during the WACC Forum.
Nothing About Us Without Us.

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.