Almost a year now since its presentation, The Data Protection and Privacy bill 2016 has been shelved in parliament.
The state Minister of Finance and economic monitoring David Bahati presented the Bill before Parliament on 20th April 2016 on behalf of the ICT Minister John Nasasira before sending it to ICT committee for consultations.
The bill seeks to cover areas that deal with personal data, which are not provided for in the Interception of Communication Act and the Registration of Person’s Act.
Once approved, the Data Protection and Privacy Bill, 2016 will be enforced by the National Information Technology Authority- NITA (U), which has the mandate of monitoring personal data. NITA (U) is mandated to coordinate, promote and monitor information technology developments in Uganda within the context of national, social and economic development.
The bill seeks to operationalise Article 27(2) of the Constitution which states that “No person shall be subjected to interference with the privacy of that person’s home, correspondence, communication or other property”.
The object of the bill is to protect the privacy of the individuality and of personal data by collecting and regulating the collection and processing of personal informational; to provide for the rights of the persons whose data is collected and the obligations of data collectors, data processors and data controllers; to regulate the use or disclosure of personal informational; and for related matters.
NITA (U) will regulate how personal information is collected and processed under the proposed law. The Data Protection and Privacy Bill, 2016 allows Ugandans a right to withhold their personal data, inquire the purpose of which it is being sought, and how long the data should be used and others.
The speaker referred the bill to the Information, Communication and Technology Committee for scrutiny before it presents a report to parliament for discussion and final approval.
Part IV of the bill talks about security of data and requires those collecting the data to keep it secure and protect its integrity. However, since then nothing has been done.
The urgency of the Data Protection and Privacy bill came to the fore recently when government allowed telecom companies to access the bio data collected during the National Identity Card (ID) enrollment exercise.
The data is currently held by National Identification and Registration Authority (NIRA). The move to allow telecom companies to access the data is aimed at helping then to enforce a directive from Uganda Communications Commission on Sim card registration.
Peter Gwayaka Magelah, the Program Manager Chapter Four, says the delayed enactment of the bill is a big risk to individual data.
Paula Turyahikayo, the Chairperson of Information, Communication and Technology Committee, says the committee will handle the Data Protection and Privacy bill 2016 immediately after the budgeting process. Parliament is expected to conclude the 2017/2018 financial year budget process by May 31st, 2017.
She acknowledges the importance of the bill in protecting personal data, adding that in its absence other laws like the Interception of Communication Act and the Registration of Person’s Act can be used effectively to protect data.
However, a researcher from parliament told this publication later that the existing laws don’t regulate or protect personal data like personal details collected by organizations such as banks, hospitals, travel agencies and insurance companies.