On 18th April 2019, the Cabinet approved the amended draft of the Data Protection Bill drafted by the Ministry of ICT Taskforce. The final draft of the bill is expected to be published in the Kenya Gazette and tabled in the National Assembly 14 days after publication. The approved draft features 17 new sections and some deleted provisions as amendments to the 2018 draft as a result of public participation window input. Though Parliament is expected to make some changes as part of the legislative process, this notes aims to highlight the business impact of the approved final draft as approved by Cabinet on 18th April.
Definitions
The amended definitions of the final draft Data Protection Bill 2019:
· No longer requiring anonymisation to be irreversible.
· Deletes the definition of biometrics as a technique for data collection and replaces it with a definition for biometric data that is in line with the definition adopted in the Statutes Miscellaneous Amendment Act of 2018 used to establish the NIIMS.
· Deletes the definition of cross-border data processing
· Adds the definition of encryption as the process of converting data of any readable data using technical means into coded form.
· Deletes political opinion, personal preferences and personal financial expenditure from the definition of sensitive personal information.
The impact of these amendments is to create a favourable environment for some business by reducing the cost of anonymisation and removing the special precautions previously required to process information relating to client’s political opinion, personal preferences and personal financial expenditure. The amendments also harmonize the legal definition of biometric data promoting legal uniformity in the definition of biometric data.