Parliament has been prompted to further strengthen the Office of the Data Protection Commissioner (ODPC)’s independence by changing the Data Protection Act to make it autonomous and separate from the Ministry of Information, Communications, and Telecommunications (ICT).
According to recent research by KICTANet, a multi-stakeholder think tank on ICT policy and regulation, parliament should also enhance the ODPC’s funding allocation so that it may properly carry out its mandate across the country.
The report represented Kenya’s efforts, difficulties, achievements, and opportunities as it worked to implement the Data Protection Act.
“ODPC should issue relevant guidelines, codes, and frameworks to fully operationalize the Data Protection Act(DPA), including publishing guidance for lawful data-sharing between state agencies, and adequacy rules to facilitate lawful cross-border data transfers,” said KICTANet.
The study, which is titled ‘Five Years of Kenya’s Data Protection Act,’ recommended that the government develop a complete national data governance framework to handle complementary data protection concerns such as interoperability, data classification, and data security.
It urged ODPC to step up efforts to monitor and oversee the data processing operations of all data handlers, particularly state entities, Big Tech, and the financial industry.
However, the research stated that the ODPC’s independence is threatened by inadequate financing, poor personnel, legal framework, political meddling, and the existence of competing data protection functions with other sector regulators.
Also Read: Data Protection Commissioner Cautions Kenyans Against Sharing Personal Details with WorldCoin