Must have adequate data protection measures
-
-
The only reservation the judges have is use of DNA for identification purposes Unlike other biometrics, DNA is comparison and does not allow for identification to be done in real-time and requires expertise
Prikaži ovu nit -
Guided by authority that said utility of DNA for identification is limited
Prikaži ovu nit -
Court finds use of DNA for identification in the case of Kenya is limited Utility of GPS is even less evident
Prikaži ovu nit -
Even though a biometric characteristic may be considered universal, not all individuals may have it People may lose biometric characteristic over time Different biometric characteristics can be combined Court persuaded by evidence of witnesses of respondents
Prikaži ovu nit -
Court persuaded by respondents that collection of multiple biometric characteristics will lead to system being deterministic
Prikaži ovu nit -
On purpose of data collection - under section 9(a) of the Reg of Persons Act Includes to establish population register, assign a unique number, etc. Thus, principally an identification system
Prikaži ovu nit -
Identification and verification processes will always require a database, say the judges It can be done centrally or locally To that extent, biometric data necessary for stated purposes of NIIMS
Prikaži ovu nit -
System can only provide trustworthy information about identity of person if it holds information about that person in its database
Prikaži ovu nit -
Second sub-issue: whether there was violation of children's right to privacy
Prikaži ovu nit -
Petitioners said Act applies to those over 18 years Respondents say the Act applies to "all" Kenyans; and that the system would play role in combating trafficking of children
Prikaži ovu nit -
Respondents said implementation of
#NIIMS is in best interest of the child - to promote shelter, health, etc.Prikaži ovu nit -
While respondents are reasonable and laudable, court notes the respondents did not address core issues that they believe the petitioners raised on children's rights - that Act doesn't apply to child & would violate child right to privacy
Prikaži ovu nit -
Section 2 said Act applies to all persons who are citizens of Kenya who are 18 and over Petitioners right initially But amendment to section 9(a) says "all" Kenyans Question is about anchoring
#NIIMS in legislation applying to adultsPrikaži ovu nit -
It appears that the manner in which
#NIIMS was brought into being did not reflect much thought on the part of the respondents#HudumaNambaPrikaži ovu nit -
Brought amendments in Act that applies to adults 2nd and 3rd respondents said
#NIIMS would override other systemsPrikaži ovu nit -
Court relied on authorities that later enactments that do not explicitly amend earlier that, if inconsistent, would still be considered to have amended it This is logical because two inconsistent Acts cannot exist
Prikaži ovu nit -
On whether there is violation to child's right to privacy - Court is of the view that general protections related to privacy are also applicable to children, or even more
Prikaži ovu nit -
There is need for particular provisions on consent of children, including age of consent and informing child in appropriate manner of conditions of such consent Where child cannot give consent, much be authorized by parent or guardian
Prikaži ovu nit -
Rights of child over the data upon reaching age of majority is important We note no special provision in impugned amendments Clearly risk of violation to child's right to privacy However, Data Protection Act provides for processing of personal data relating to children
Prikaži ovu nit -
However, there is no definition of the child exists in the Act Rights at age of minority & majority also missing Maintain conclusion that data protection is inadequate (for children)
Prikaži ovu nit -
Third sub-issue: whether there is adequate data protection framework
Prikaži ovu nit -
Judges note the various statutes cited by petitioners and respondents And the Data Protection Act 2019 was enacted after the conclusion of hearings
Prikaži ovu nit -
All parties felt the court should take judicial notice of the act - but petitioners said judicial notice and nothing more, respondents said take note of provisions Judges say judicial notice allows a fact to be introduced into evidence if the root of that fact is so well known
Prikaži ovu nit -
Judges' opinion is that nature of judicial notice means they will not only take notice of the Data Protection Act but also of the provisions therein Protection of personal data relies largely on legal framework, including oversight mechanisms
Prikaži ovu nit -
This is the case with NIIMS where vast amount of personal data is collected by state and data subjects have limited control over how information about them is used Judges focused on whether the Data Protection Act complies with international standards & best practices
Prikaži ovu nit -
However, standards provided are specific to regional court or the UN organization Court opted to be guided by OECD Privacy Principles
#DataProtection#HudumaNambaPrikaži ovu nit -
Principles include data limitation, purpose specification, accountability principle, etc. To a large extent, the Data Protection Act does provide for the principles cited in the OECD Privacy Principles
Prikaži ovu nit -
The Act provides for an independent office of Data Commissioner and for Data Controllers The court however noted that the Registration of Persons Act is not one of the Acts to which the Data Protection Act applies - yet processing of personal data means it does
Prikaži ovu nit -
Regulations that allow Data Commissioner to issue exemptions is a gap in the Act
Prikaži ovu nit - Još 51 odgovor
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.