How to enhance data privacy in era of digitised world after online shift

Over the past five years, with government and private sector shifting their operations online, it has become almost impossible for Kenyans to transact without interacting with some form of digital tool.

Whether that is the electronic Tax Invoice Management System (eTIMS) for invoicing or the mobile money platform M-Pesa for payments, these tools have transformed how citizens transact.

According to the Communications Authority of Kenya (CA) estimates, e-commerce penetration rate has grown by more than 10 percent in five years from 40 percent in 2020 to 53 percent this year.

While significantly beneficial to Kenyans, this digital transformation has resulted in increased digital footprint left behind by citizens, raising concerns around the safety of sensitive personal data.

Since enactment of the Data Protection Act in 2019, and the establishment of the Office of the Data Protection Commissioner (ODPC) in 2020, significant progress has been made towards protection of consumer data.

However, the dynamic tech advancements in artificial intelligence, the Internet of Things, biometric data capture, and social media pose a challenge to data protection laws.

These technologies have brought about new ways of personal data sharing and processing, which outpace the set laws, and unscrupulous organisations have taken advantage of policy gaps to avoid compliance.

As the country strides forward into a digital future that promises economic growth and creation of opportunities, particularly for the youth, proactive measures must be undertaken to protect personal data.

For starters, stakeholders need to prioritise capacity-building to enhance understanding and implementation of data protection principles in public and the private sectors.

This will help to inculcate a culture of responsible data stewardship, particularly among the private sector, which has been the biggest culprit when it comes to the mishandling of personal consumer data.

Although several organisations handle personal data every day, figures from the ODPC, show that less than 10, 000 businesses are certified as data handlers.

Conducting thorough sensitisation on why this certification is important, not only for compliance with the law but also for building trust and reputation, could encourage more organisations to get certified.

Consumers should conduct thorough due diligence on the organisations they interact with, to ensure that they are certified as data handlers to guarantee the protection of their sensitive data.

Recognising the dynamic nature of the digital landscape, the government should conduct regular reviews of existing data protection policies to ensure that they remain agile, responsive, and aligned with emerging consumer trends and international best practices.

The writer is the head of services at Odoo in Kenya