By Innocent Anguyo
KAMPALA, Dec 2 — The government has drafted a law to protect the privacy of Ugandans in cyberspace at a time when the people are experiencing a host of breaches of individual privacy in the gathering, processing, transmission, storage and use of personal data.
The draft Data Protection and Privacy Bill is aimed at protecting the privacy of an individual and personal data by regulating the collection and processing of personal information and to provide for the rights of the persons whose data is being collected and the obligations of the data collectors and processors.
It also aims to regulate the use or disclosure of personal information and for related matters. Generally, this draft law is aimed at empowering Ugandans to have control over their personal information in texts, images, sounds and software.
The Bill comprehensively provides for the rights of persons whose data are collected and obligations of data collectors and data processors; and governance measures and procedures to administer, receive complaints and settle disputes.
It also provides for guidance for data controllers and processors to protect data subjects; an enforcement mechanism to allow individuals to enforce their rights and remedies for infringement of the rights of individuals.
The Bill, which was drafted by the Ministry of Justice and Constitutional Affairs with support from the National Information Technology Authority of Uganda (NITA-U), was presented by Alex Byaruhanga of the Ministry of Justice and Constitutional Affairs during a consultative stakeholders’ forum here Monday.
Stella Alibateese, the Director for Regulation and Legal Services at the NITA-U, said the draft Bill was in conformity with the provisions of Article 27 of the Constitution which guarantees the right to privacy, while it respected fundamental rights and freedoms of individuals and was in conformity with progress in other countries.
The draft Bill requires that data subjects should be informed of who the data controller is; the purpose of collecting the data; how long the data will be kept and any third parties to whom the data will be disclosed. Therefore, informed consent should be considered when data is acquired from persons.
The Bill also requires that personal data should be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
However, the Bill makes exceptions for personal data obtained for defence or public security; prevention, investigation, indictment or prosecution of criminal offenes; population census, and FOR processing OF salaries, pensions, taxes, levies and other payments.
SOURCE: NEW VISION