Privacy Scorecard Exposes Abuse Of Personal Information By Telcos & Financial Institutions in Kenya & Uganda
The 2022 Privacy scorecard report recently launched by Unwanted Witness in partnership with the Centre for Intellectual Property and Information Technology Law (CIPIT) has warned that personal data is in the hands of predators who only care about their profits, with no or little regard for Data Protection Act(s).
The scorecard shedding light on the Kenyan and Ugandan markets shows that key players in Telecommunications, e-commerce, and financial institutions are not fully compliant with the Data Protection Act(s) putting data subjects at risk.
“Initiatives such as the privacy scorecard, compliment discussions at PSA by providing critical information to data subjects on how different data collectors and processors manage their personal data,” said Unwanted Witness Executive Director, Dorothy Mukasa.
When it comes to misuse of personal data, key players in the market have been found guilty of misuse and abuse of data from subjects.
Exposed in the privacy scorecard is the reluctance of key players to comply with data security. This means that they are not keen on safeguarding personal data from accidental access, erasure, alteration, disclosure, or destruction. Personal information can therefore be accessed by third parties without necessarily consulting the data subject. This data has in some cases fallen into the wrong hands and ended up causing dire implications on the subject.
Unfortunately, governments, telecommunications, e-commerce companies, and financial institutions have been found to shamelessly ride on data subjects’ ignorance of their rights, and boundaries in data collection and use.
Although these companies have the existence of public, published, readable, and noticeable privacy policies, a lack of subjects’ knowledge on the same has seen them cutting corners when it comes to compliance.
Also, these key players in the two countries with enacted Data Protection Laws were found to lack accountability when it comes to personal data. This means that no company in both countries published a transparency report in the year under review to disclose key metrics and information regarding data governance and enforcement measures.
With both countries scoring 0% on accountability, it goes to show that there is very little compliance with the Data Protection Act(s).
Data subjects can attest to the increased sharing of personal information especially when it comes to telcos and financial institutions. If for example, you have a loan from a financial institution or telco, after the payment deadline, other parties are included in the collection of debt through multiple calls and text messages. This is usually done not only to the defaulter but to family and friends.
On the scorecard, a third-party data-sharing indicator shows that a good number of data subjects are unaware of existing third parties and what their data is used for by these parties in both countries. Both countries scored poorly, on whether data subjects are privy to the involvement of third parties at the contract point or even after.
“The PSA serves to connect efforts, disseminate knowledge, and facilitate cooperation, this is what makes us a highly effective African forum for privacy and data protection. Our joint efforts to advance privacy across Africa in an age of accelerated digitalization will shape the way people think about privacy and data protection and their importance for human rights,” concluded Dorothy Mukasa