Don't exempt KRA from data protection law
Editorial
By
Editorial
| May 22, 2024
The National Treasury’s proposal to exempt the Kenya Revenue Authority (KRA) from the Data Protection Act has understandably raised concern among Kenyans, who fear that this will set a worrying precedent.
The proposal by the National Treasury seeks to exempt the processing of personal data relating to the assessment, enforcement and collection of taxes from the Act in a move that will give the KRA carte blanche to access and review personal financial records of any Kenyan.
The amendment is concerning and it comes a few years after the enactment of the Act that has made Kenya an exemplary country on the continent in regards to the recognition of its citizens’ private data in a fast-evolving digital landscape.
Passing such amendments that erode the safety rails that make this crucial Act effective sets a bad precedent and takes the country a step backward.
READ MORE
Banks rush to comply with CBK rule on spying customer deals
Public-Private Partnerships: Powering Kenya's energy future
How CBK rate hikes impact Treasury's emergency loans
KRA could miss out on millions in tax revenue from Zuku sale
Safaricom-led consortium was vetted before approval, says PS Kimtai
Varying standards curtail Kenyan insurers' regional foray
Kenya and Algeria to expand trade agreements, Mudavadi says
Report: How Kenya's weak labour market hurts economy
Humanitarian agency banks on annual learning event to drive innovation, growth
New KPCU advances Sh125 million cherry fund loans to coffee farmers
In the first place the Data Protection Act 2019 already has several exemptions embedded into it that take into account circumstances where the state may be exempt.
Law enforcement and judicial authorities, for example, are exempt from the Act when gathering or processing data that is necessary for national security or in cases where a court has ordered the disclosure of particular information.
Such provisions, like the rest of the Act, were borrowed from the General Data Protection Regulations (GDPR) of the European Union which served as the blueprint for many legislations developed by developing countries.
Global best practice
The GDPR also contains exemptions for intelligence services, police and judicial officers in processing data that is crucial for criminal investigations or proceedings.
And even within these exemptions, the GDPR has laid down guidelines on how enforcement agencies should handle the personal data of citizens to ensure that they execute their work without violating citizens’ private data.
It is thus concerning that the Kenyan government is breaking away from global best practice in the administration of the Act.
A proposed exemption for the KRA written into the law could dampen the appetite of investors who shun any additional State interference in their business.
It could also open a Pandora’s box of abuse by State officials as has been witnessed before. In the 2017 general elections, officials from the Interim Electoral and Boundaries Commission were found culpable when political parties gained access to millions of Kenyans’ phone numbers and proceeded to send them targeted campaign SMSs.
It is worrisome to think what political rivals and unscrupulous State officials can do with full access to a database containing the names, identities, income and business interests of all Kenyans.
The KRA already has significant powers and authority that it uses to justify its crucial role. Additional powers that call for re-writing the law would not translate to more collections as believed, but push some taxpayers underground and into the black market.
- Why seven Cabinet members were replaced
- AG seeks dismissal of Jowie's death penalty appeal
- The legacy of Rita Tinina: A humble and dedicated journalist