Individual consent will now be required from Kenyans before any public or private entities collect data on Covid-19, according to a new policy from the office of the data commissioner. This is in efforts to protect the personal data of Kenyans as the country continues fighting the pandemic.
“There are a number of government initiatives that promote innovative responses to mitigate the effects of Covid-19,” states the draft Data Request Review Framework.
“For some of these aspirations to materialise, access and processing of personal data of individuals are necessary to appropriately respond to the pandemic,” explains the draft policy.
The State will now require services that use individual data such as health and location data to be guided by the Data Protection Act 2019. This includes data used in contract tracing apps and in aid towards Covid-19 responsiveness. The data will only be limited to what is necessary for the purpose and should be destroyed once the purpose is exhausted.
“Responsible parties must collect personal information of an individual for a specific purpose, which in this context is to detect, contain and prevent the spread of Covid-19,” stated the policy.
The policies have been introduced just two months after Kenya appointed and swore into office its first Data Commissioner, Immaculate Kassait. The rules come amid increased research by experts seeking to document the impact of the Covid-19 pandemic.
The ICT Authority has not revealed whether Kenya will roll out a government backed contact-tracing app. In January 2021, Safaricom and 29 other firms were licensed to develop a cashless payment platform for public transport to double up as a contact tracing app.
Company officials who are directly involved with the handling of users’ personal data will be required to demonstrate how they will safeguard it. Personal data-sharing agreements between third parties also have to be approved by the Data Commissioner.