Kenya has been accredited to join the Global Privacy Assembly. This happened during the 44th Session of the #GPA2022 held from 25th -28th October 2022 in Istanbul Turkey. 

The Global Privacy Assembly seeks to provide leadership in data protection and #privacy by connecting the efforts of more than 130 data protection authorities across the globe.

Kenya’s Data Protection Commissioner, Immaculate Kassait MBS, took part in the assembly meeting, whose theme was ‘A matter of balance, Privacy in the era of rapid technological advancement’.

The Global Privacy Assembly GPA is an international organization where privacy and data protection authorities around the world can come together to carry out their duties practically to ensure high data protection standards, encourage and facilitate cooperation.

Kenya now joins the growing list of at least 130 members of GPA, whose vision is an environment in which privacy and data protection authorities around the world act to fulfill their mandates, both individually and in concert, through diffusion of knowledge and supportive connections on data protection.

Kenya introduced the Data Protection Act in 2019 and appointed the Data Protection Commissioner the following year. 

The Data Protection Regulations among others prohibits the collection, processing or disclosure of an individual’s information without their permission, selling any personal data without express consent, and provides for the requirement that data processors must be registered with the office of the data commissioner, to process any data.

At the same time, most kinds of data about Kenyan citizens cannot be moved outside the country without their permission, among other requirements. 

The Global Privacy Assembly sets out the eligibility criteria for authorities that wish to become members of the Assembly. Authorities are eligible to apply for membership status if they are a public entity, created by an appropriate legal instrument based upon legal traditions of the country or international organization which it belongs to.

The rules also say that an authority seeking membership must have the supervision of the implementation of the legislation on the protection of personal data or privacy as one of its principal regulatory mandates, operate under legislation compatible with the principal international instruments dealing with data protection or privacy, have an appropriate range of legal powers to perform its functions and have appropriate autonomy and independence. 

At the same time, the purpose of the Assembly is to hold eye-opening sessions by bringing together experts in the field of privacy and data protection in the light of current developments, to prepare pioneering and guiding reports and make decisions on the protection of personal data in accordance with the mission and vision of the GPA.

According to GPA, this year’s main theme drew attention to the rapid advancement of technology, occasioning various problems regarding establishing the balance between technological benefits and the protection of privacy. 

GPA also says that the establishment of a reasonable balance, technologies based on personal data processing and privacy should be considered together. 

The meeting also discussed a range of topics such as artificial intelligence, big data, blockchain, metaverse, cross-border data transfer, processing of personal data during humanitarian aid, protection of children’s personal data.