Data Privacy Day is an initiative of the Council of Europe that was first launched in 2007. It is now celebrated internationally and the primary purpose is to increase data protection and online privacy awareness and literacy throughout the world. The date 28 January commemorates the opening for signature of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data in 1981 by the Council of Europe (the Convention), which was the first legally binding international instrument in the data protection arena. The Convention mandated contracting states to take the necessary steps in their domestic legislation to apply the principles laid down in the Convention and uphold the fundamental human rights of all individuals with regard to processing of personal data.

In 1981, data privacy and protection was not at the forefront of policy discussion anywhere in the world, let alone here in Kenya. Fast forward to 2020 and according to statistics published by the United Nations Conference on Trade and Development, 107 countries have now put in place legislation aimed at safeguarding and regulating data and privacy. The Kenyan Data Protection Act (the DPA) was enacted on 11 November 2019 and comes at a time when data is more crucial than ever in the Kenyan ecosystem. The last two decades in Kenya have seen mobile communications and internet connectivity rapidly increase, giving rise to a lucrative data economy. Moreover, events in the national political landscape such as the 2017 general election and subsequent introduction of the 'Huduma Namba' raised the antennae of law-makers and citizens on the need for appropriate safeguards in relation to the use of personal data.

Now, more than ever, issues of lawful and transparent data processing are at the heart of policy-making worldwide. The rise of the digital age has meant that more personal data is being processed, shared and transferred between entities, often involving cross-border transfers which reflects the increased use of cloud services across the globe. According to recent statistics published by Voa News as of January 2019, data breaches cost companies worldwide almost USD 4 million on average for every incident, underscoring the need for effective international and national legislation implementing appropriate safeguards for data protection.

The enactment of the DPA is a marked achievement for Kenya, joining the club of 24 African countries with legislation on data privacy and protection, and the second in the Eastern African bloc, following Rwanda. The Regulations to be developed as subsidiary legislation to the Act will be key in operationalizing the DPA, as we have previously noted here. 2020 will be a year to watch.

Happy Data Privacy Day!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.