Why Kenya must move fast to invest in digital rights security

In an age where digitalisation dominates various aspects of life, handling citizens’ personal information has become a topic of immense importance. Like many other countries, Kenya is undergoing rapid digitisation, raising questions about the fairness and legality of digitalising citizens’ personal information.

Digitalising personal information involves collecting, storing, and processing individuals’ data in electronic format. This data encompasses a wide range of information, including but not limited to identification details, biometrics, financial records and health information. In Kenya, initiatives such as the Huduma Namba project and digitisation of government services have significantly accelerated the digitalisation of citizens’ personal information.

Additionally, the alarming rise of cyber warfare and digital censorship poses severe threats to freedom of expression and information dissemination. World governments and private entities must refrain from using technology for surveillance and censorship. Instead, they should respect individuals’ rights to express their opinions and access information freely without fear of reprisal or restriction.

In November 2023, the Kenyan government initiated a trial programme for the new digital IDs. First-time ID applicants will now be granted the “new Maisha Card,” according to the administration. Applicants needing to replace defaced or lost cards would also receive a new one.

Disagreeing with issuing digital IDs can stem from various concerns, including privacy, security, and potential infringement on civil liberties. Some might disagree with issuing digital IDs because the process often involves collecting and storing personal information in electronic databases.

This raises concerns about who has access to this data, how it’s stored, and how it might be used or misused by governments, corporations, or hackers. Secondly, storing personal information digitally can make it vulnerable to cyber-attacks and data breaches. If a digital ID system is compromised, it could lead to identity theft, financial fraud, or other forms of cybercrime. Thirdly, some argue that requiring citizens to have digital IDs infringes on their rights to privacy and freedom of movement.

Most people may see it as a form of government surveillance or control over individuals’ lives.

Implementing a digital ID system could disproportionately affect marginalised communities that may have limited access to technology or face barriers in obtaining official identification documents. This could exacerbate existing inequalities and lead to further exclusion and discrimination.

The right to information is enshrined in various legal instruments globally, including Kenya’s Constitution. It guarantees citizens access to information held by public bodies, subject to certain limitations. While this right primarily pertains to access to government-held information, its principles can be extrapolated to digitalising citizens’ data.

The fairness of digitalising citizens’ personal information hinges on several factors, including whether citizens are adequately informed about the data being collected, how it will be used, and who will have access to it.

Transparency is essential to ensure individuals can make informed decisions about their privacy.

Is consent obtained from individuals before collecting their personal information? Consent should be freely given, specific, and informed, per data protection laws.

Are robust measures in place to safeguard citizens’ data against unauthorised access, misuse, or breaches? Adequate security measures are vital to protect individuals’ privacy and prevent identity theft or fraud.

Is the collected data used only for its intended purpose, or is it shared or repurposed without consent? Adhering to the purpose limitation principle ensures that personal information is not misused or exploited.

Are there mechanisms to hold entities responsible for misusing or mishandling citizens’ personal information? Accountability mechanisms, such as data protection authorities, are crucial in enforcing compliance with data protection laws.

Case example includes the Kenyan World Coin Case, which reiterates that technology in Kenya is based on the assumption that a foreign company can walk into the country and implement their technology projects maliciously by luring citizens with money to key in their data that is not well acquainted to them or using the correct data protection procedures. This is where the legal fraternity comes in to appreciate citizens’ data protection issues and build jurisprudence through their wise decisions.

In conclusion, while digitalising citizens’ personal information can enhance efficiency and service delivery, it must be done to uphold fairness and legality. From the perspective of the right to information in the Kenyan context, ensuring transparency, obtaining informed consent, implementing robust security measures, adhering to purpose limitations, and establishing accountability mechanisms are essential.

By prioritising these principles, Kenya can navigate the complexities of digitalisation while safeguarding citizens’ privacy rights and promoting transparency and accountability in handling personal data.

Business
How new KRA guidelines will impact income tax calculation
Business
Job loss fears as Mbadi orders cost-cutting in State agencies
Opinion
Diversifying Kenya's exports for economic prosperity
Business
State defends livestock vaccination programme