|
Getting your Trinity Audio player ready...
|
By Jasmine Atieno
Mombasa, Kenya: When Sarah Naitto, a mother of three in Nyali, Mombasa, was tagged in a Facebook post by her church, she was shocked to see a video of her child. Her daughter’s school had shared the video—which included the child’s age and other personal details—as part of a promotional campaign, without Sarah’s knowledge or consent.
“The comments were kind, but I was enraged,” Sarah recalls. “Someone who didn’t even know my child went to that school now had her information. It felt like a violation.” She immediately contacted the school, demanded the video be taken down, and cited Kenya’s Data Protection Act. For her, the law was not an abstract policy but a lifeline—a tangible tool to reclaim control and dignity.
Sarah’s experience reflects a growing unease that prompted Kenya to pass the Data Protection Act in 2019. At the time, the digital economy was booming, but so were complaints: phone numbers sold to marketers, schools mishandling children’s records, medical details leaked. The Act was a direct response, designed to align Kenya with global standards and give citizens power over their digital lives.
Seven years later, the Office of the Data Protection Commissioner (ODPC) has become a household name. It has received more than 9,000 complaints and taken hundreds of enforcement actions. Each case tells a human story—a parent, a harassed consumer, an employee whose private records were exposed.
That urgency was palpable at a recent three-day ODPC conference in Mombasa, held ahead of Data Protection Day. Under the theme “Trust the Data, Drive the Future,” stakeholders gathered to assess progress and confront ongoing challenges.
David Omwoyo, CEO of the Media Council of Kenya, emphasized the media’s critical role. “We are custodians of transparency, but we must also respect the sanctity of personal information. If we fail to strike this balance, we risk eroding trust in the very idea of a free and open society,” he warned. “The media must be part of the solution, not part of the problem.”
Data Protection Commissioner Immaculate Kassait highlighted that enforcement is only one part of the mission. “Our mandate is not just punitive,” she explained. “We are here to build a culture of compliance. Every complaint resolved is a step toward embedding respect for privacy into the DNA of our institutions.” She was particularly emphatic about children’s data, calling its protection “non-negotiable.”
ICT Principal Secretary John Tanui connected data protection to national ambition. “Strong data governance is not just about protecting citizens—it’s about fueling Kenya’s digital economy,” he said. “Without trust, our digital transformation cannot succeed. With trust, we can unlock opportunities that will place Kenya at the forefront of innovation in Africa.”
The ODPC’s record demonstrates the law’s teeth: 357 determinations, 134 enforcement notices, 20 penalty notices, and 184 compensation orders since 2019. Yet challenges persist. Unauthorized disclosures remain common in sectors like marketing and hospitality. The ODPC has urged hotels and businesses to dispose of personal data within 30 days to prevent misuse. And while over 15,000 data controllers and processors have registered, compliance is still uneven.
What makes this moment significant goes beyond statistics. It marks a cultural shift: Kenyans are increasingly viewing privacy as a right, not a privilege. Institutions are learning that data misuse has consequences. And the government is reinforcing that in the digital age, trust is the ultimate currency.
@sparkleMine
