Decisions made around how COVID-19 data are used are taken through established democratic processes
“The Constitution provides Parliament with the mandate over the exercise of emergency power as declared by the President for emergencies which persist over 14 days. The Senate of the Twelfth Parliament has also established an Ad Hoc Committee on the Covid-19 Situation. The Committee is mandated to exercise parliamentary oversight over actions taken by the national and county government in addressing the spread and effects of Covid-19 in Kenya. Having considered the measures the Kenya government has taken to address the pandemic, the Committee has noted the need to develop a legislative framework regarding the management of the Covid-19 pandemic and future emergencies.
The Supreme Court may also interrogate the validity of a declaration of a state of emergency, and High Courts enjoy original jurisdiction to uphold and enforce the Bill of Rights.
The Data Protection Act of Kenya is the primary source of law which regulates data protection in the context of Covid-19. Data subjects are entitled to file complaints about the collection and processing of their data with the Data Commissioner. The Data Commissioner may make an adverse finding and serve an enforcement or penalty notice on a party in breach of their obligations under the Data Protection Act.”
The public is consulted on how sensitive data (e.g. location data derived from mobile phones) are shared and used to tackle COVID-19, and their responses are used to inform policy interventions
After an extensive desktop search of online information, no information could be found to demonstrate that the public had been consulted on how sensitive data is used or shared to tackle Covid-19.
Any public-private data partnerships that are established to share and use COVID-19 related data should also include representatives from civil society and digital rights groups
After an extensive desktop search of online information, no information could be found which suggested that any public-private partnerships included representatives from civil society and digital rights groups.
The needs of vulnerable groups are taken into account and steps to protect ‘sensitive group data’ are included alongside actions to protect individuals’ data
After an extensive desktop search of online information, no information could be found to demonstrate that data regulation strategies considered the needs of vulnerable groups or that steps were taken to protect sensitive group data