• Amnesty expresses concern that several clauses do not promote the office's independence.
• The lobby also proposed the office of the Data Commissioner made a state office.
Image: FILE
Amnesty International has proposed the appointment of a data commissioner by a selection panel after the President gazettes a vacancy to protect the independence of the office.
The Data Protection Bill, 2019, proposes the appointment of a commissioner by the Information and Communication Technology Cabinet Secretary from three nominees forwarded by the Public Service Commission.
Speaking before the Committee on Communication, Information, and Innovation yesterday, AI executive director Houghton Irungu said they support the intention of the bill to have an independent commissioner.
He, however, expressed concern that several clauses do not promote the office's independence, citing its placement directly under the Information and Communication Technology CS.
He proposed the formation of a selection panel comprised of a chairperson elected by the President, a representative from the ICT ministry, and Kenya National Commission on Human Rights.
Others proposed are a data science professional, an IT professional, and representatives of the Association of Professional Societies of East Africa and the Law Society of Kenya.
The data and IT professionals should each have at least 15 years of experience.
Further, the lobby wants the Data Commissioner to report to the National Assembly as opposed to the Cabinet Secretary.
Amnesty International wants a selection panel to be mandated to appoint a data commissioner after the President has gazetted a vacancy.
It says this will protect the independence of the office. The Data Protection Bill, 2019, proposes the hiring of a commissioner by the Information and Communication Technology CS from three nominees forwarded by the Public Service Commission (PSC).
Speaking before the Committee on Communication, Information, and Innovation yesterday, AI executive director Houghton Irungu said they support the intention of the bill to have an independent commissioner. He, however, expressed concern that several clauses do not promote independence, citing its placement directly under the ICT CS.
Irungu proposed the formation of a selection panel comprised of a chairperson elected by the President, a representative from the ICT ministry, and Kenya National Commission on Human Rights. Others proposed are a data science professional, an information technology professional, and representatives of the Association of Professional Societies of East Africa and the Law Society of Kenya.
The data and IT professionals should each have at least 15 years of experience. Further, the lobby wants the Data Commissioner to report to the National Assembly as opposed to the Cabinet Secretary.
The Bill states the commissioner shall submit annual financial estimates to the CS who then tables in the National Assembly.
“Clause 70 similarly provides that the Data Commissioner shall submit annual reports to the Cabinet Secretary who shall within three months submit the annual report to the National Assembly,” read the proposal.
The lobby also proposed the establishment of the commissioners’ office as a state office so the holder’s removal reflects that of a state officer. Currently, the bill provides for the removal of a commissioner through the PSC.
“We propose that the removal of the Data Protection Commissioner be commenced through a petition to the National Assembly, which, if satisfied, will send the petition to the President for the formation of a tribunal to investigate the conduct of the commissioner and recommend action to the President,” he said.
The lobby also raised concerns on the exemption and penalty clauses of the bill. Amnesty proposed state agencies responsible for national security and public order be bound by the general rules of data protection such as data security, collection limitation and purpose limitation.
“It must be clearly provided in law the nature and extent of data that may be collected for the purposes of national security and public order. We propose the only allowable exemption be limited to seeking the consent of data subject’s access, analyse, process and store data,” Irungu said.
On penalties, Amnesty International said they are lenient and may not serve the deterrent effect they are intended to have, especially where big corporations with high financial muscle are concerned.
“Penalties should be designed to make noncompliance costly for persons or companies that infringe. The European Union General Data Protection Rules provides for penalties that make large and small corporations weigh the cost of compliance against business costs,” he said.
Amnesty also proposed the inclusion of a clause to ensure all data collected, processed, stored or shared in Kenya shall be subject to the provisions of the Data Protection Act.
(Edited by F'Orieny)