Day 3: Personal Data Protection
Good morning Listers Today, we move onto PART II: PERSONAL DATA PROTECTION and will tackle four questions. Objectives of this Convention with respect to personal data Article II – 2: Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data. The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the target for which the businesses were established. Question: What is the relevance of this article? What are these state prerogatives? And given the increased interest of state surveillance, how can states balance respect of FOE while recognising state prerogatives? Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection Authority which is meant to establish standards for data protection. Article II – 14 provides for each Member State of the African Union to establish an authority with responsibility to protect personal data. It shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with domestic legislations. Further, article II-17 states that ‘Sworn agents may be invited to participate in audit missions in accordance with extant provisions in Member States of the African Union’. Question: Considering that this article seems to be tied to the Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What should this authority look like in terms of its composition? Article II – 20: …Members of the protection authority shall not receive instructions from any authority in the exercise of their functions. Article II – 21: Member States are engaged to provide the national protection authority human, technical and financial resources necessary to accomplish their mission. Question: It appears that this Data Protection Authority is envisaged to be fully government supported. Therefore, should we be talking of its independence? In what way should this article be framed so that it ensures independence of the Authority? Article II – 28 to II-34 outlines six principles governing the processing of personal data namely: Consent and of legitimacy, Honesty, Objective, relevance and conservation of processed personal data, Accuracy, Transparency and Confidentiality and security of personal data. Under each of the specific principles, detailed explanation of how each should be undertaken is offered. Question: Is this explanation and detailing of how to undertake each necessary in an international (regional) law necessary or needed? Is this legislation overkill? Lets get your views on data protection concerns. RgdsGG
We also need to probe whether the intent was to protect Africans data from external violations of privacy among other fundamental rights, for example, Kenyans private data gathering by US NSA online surveillance reported on 'NSA porn spying' -- <Quote> Instead, the NSA believes the targeted individuals radicalize people through the expression of controversial ideas via YouTube, Facebook and other social media websites. Their audience, both English and Arabic speakers, "includes individuals who do not yet hold extremist views but who are susceptible to the extremist message,” the document states. The NSA says the speeches and writings of the six individuals resonate most in countries including the United Kingdom, Germany, Sweden, *Kenya*, Pakistan, India and Saudi Arabia. <Quote> http://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html On Wed, Nov 27, 2013 at 12:23 AM, Grace Githaiga <ggithaiga@hotmail.com>wrote:
*Good morning Listers*
*Today, we move onto PART II: PERSONAL DATA PROTECTION and will tackle four questions.*
*Objectives of this Convention with respect to personal data*
*Article II – 2:*
*Each Member State of the African Union shall put in place a legal framework with a view to establishing a mechanism to combat breaches of private life likely to arise from the gathering, processing, transmission, storage and use of personal data.*
*The mechanism so established shall ensure that any data processing, in whatsoever form, respects the freedoms and fundamental rights of physical persons while recognizing the prerogatives of the State, the rights of local communities and the target for which the businesses were established.*
*Question:* *What is the relevance of this article? What are these state prerogatives? And given the increased interest of state surveillance, how can states balance respect of FOE while recognising state prerogatives? *
*Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection Authority* which is meant to establish standards for data protection. Article II – 14 *provides for each Member State of the African Union to establish an authority with responsibility to protect personal data. It* *shall be an independent administrative authority with the task of ensuring that the processing of personal data is conducted in accordance with domestic legislations.*
Further, article II-17 states that ‘*Sworn agents may be invited to participate in audit missions in accordance with extant provisions in Member States of the African Union’.*
*Question:* *Considering that this article seems to be tied to the Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What should this authority look like in terms of its composition? *
*Article II – 20:*
*…Members of the protection authority shall not receive instructions from any authority in the exercise of their functions. *
*Article II – 21:*
*Member States are engaged to provide the national protection authority human, technical and financial resources necessary to accomplish their mission.*
*Question:* *It appears that this Data Protection Authority is envisaged to be fully government supported. Therefore, should we be talking of its independence? In what way should this article be framed so that it ensures independence of the Authority?*
*Article II – 28 to II-34 *outlines six principles governing the processing of personal data namely:
Consent and of legitimacy,
Honesty,
Objective, relevance and conservation of processed personal data,
Accuracy,
Transparency and
Confidentiality and security of personal data.
Under each of the specific principles, detailed explanation of how each should be undertaken is offered.
*Question:* *Is this explanation and detailing of how to undertake each necessary in an international (regional) law necessary or needed? Is this legislation overkill?*
*Lets get your views on data protection concerns.*
Rgds
GG
_______________________________________________ isoc mailing list isoc@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/isoc
participants (2)
-
Alex Gakuru -
Grace Githaiga