By John Walubengo
Kenyan lawmakers are debating the Finance Bill 2024 that would exempt the Kenya Revenue Authority (KRA) from the Data Protection Act (2019).
This means KRA could access your data, like mobile money records, without a warrant.
Section 51 of the Data Protection Act does provide for some exemptions such as for journalist works, individual household activities, and national security, amongst others.
The Finance Bill (2024) seeks to insert KRA as being one of those entities and related activities that should not be bound by the principles of data protection.
These data protection principles operationalize Article 31 of the Constitution 2010 which states that every person has a right to privacy.
The privacy principles include, but are not limited to the right to data minimization, purpose limitation, consent requests, and transparency around access and processing of my data.
Essentially, Clause 63 of the Finance Bill seeks to exempt KRA from the above provisions by allowing KRA to access your data randomly – as and when it feels like for assessment, enforcement and collection of Tax.
The legality or otherwise of this proposal has already been comprehensively interrogated by various legal minds at KICTANet, and Amnesty International amongst others.
In this blog, I seek to imagine as a layman what that provision would afford KRA to do concerning your data in its noble pursuit of collecting tax.
KRA Access to Mobile Money Records
First on its radar would be your M-PESA or mobile money records without judicial oversight. It is no secret that KRA has had a long-standing quest to access your mobile money records to understand your financial behaviour and to extrapolate your financial worth.
Using this extrapolated estimate, they would then proceed to compare it against your declared tax returns. If they feel there is a significant disparity between your declared tax and your mobile money transactional behaviour, they would perhaps send a tax auditor to visit your office or even home – since they will be at liberty to discover where you live.
Whereas this looks like a good strategy to catch the tax evaders, it presents a gross violation of citizens’ rights to privacy. Additionally, it is wrong to assume that every financial transaction through someone’s mobile money wallet is an income item that is subject to tax.
Avalanche of Exemption Requests
Imagine your mom somewhere up country being ambushed by KRA officials to declare tax in what is construed to be an income stream – yet it could be a regular contribution from her children to cater for her monthly medical or upkeep budget from her children.
Another problematic issue with this type of exemption overreach is that it will trigger an avalanche of Data Protection exemption requests from other public sector agencies, many of whom silently feel the Data Protection provisions are some unnecessary burden of not outrightly evil.
I could imagine each of them amending their parent Acts, to remotely change the Data Protection Act (2019). At the end of the day, the privacy regime in the country will be so diluted as to be as good as not having been enacted in the first place.
This is a backdoor attack on the constitutional provisions of the citizen’s right to privacy. I hope the MPs, are aware of this privacy issue, even as they get bombarded with other contentious issues in the proposed Finance bill of 2024.
RELATED
- Kenya’s Data Protection Act (2019) – 5th Anniversary Evaluation & Future Pathways!
- Kenya Navigates Digital Taxation: Balancing Growth and Revenue
- Kenya to Transition from Digital Service Tax to Significant Economic Presence Tax
- Kenya’s Digital Tax Tightrope: Balancing Revenue with Growth
John Walubengo is an ICT Lecturer and Consultant. @jwalu.