Profile picture
UCCat20 @UCC_Official
, 17 tweets, 4 min read Read on Twitter
UCC had opportunity to comment on the #Data.Protection & Privacy Bill. The enactment of this law is long overdue. A comprehensive law on the collection & processing personal information gives effect to the right to Privacy envisaged under Article 27(2) of the Constitution
UCC welcome the protections offered by the Bill in terms of export of data, breach notification requirements, data subjects access rights, automated decision making, compensation and the right to be forgotten and provision for financial and penal sanctions for breach of the law.
Distinction between Data collectors & data controllers.
The Bill should however clarify & distinguish Data Collectors, from Data Processors & Data Controllers. Clause 2 is inconsistent with international good practice which provides for two broad categories of Data Controllers
Enhancement of sanctions against Corporates.
It is recommended that the quantum of financial sanctions be tiered for natural and corporate personalities, with natural persons at the lower end of te spectrum and corporate persons at the higher end of the spectrum.
The rationale to tier financial sanctions is that Corporates are the biggest offenders of data privacy rights, and they are the ones most likely to profit out of data breaches and hence, they ought to be subjected to higher penalties.
The Bill should include special provision on Children & PWDs.
It's proposed a special clause added to provide for higher obligations on persons who deal with data on children & people with special needs bse children & PWDs may not adequately protect themselves against data abuse
Categorise financial information as sensitive or special personal data.
The Bill should treat financial information as sensitive/special data requiring additional protection beyond ordinary information. This is key in light of recent unauthorised disclosure of financial details.
Data Portability
A data subject should be able to transfer his/her data from one controller or service provider to another if they so wish. The Bill in its current form does not provide for data portability. A section should be added to allow for #Data portability.
Data Brokerage
Clause 32(2) of the Bill prohibits data brokerage. The law ought to balance individual rights to privacy with business needs rather than hinder or encumber trade, perhaps data brokerage be regulated rather than totally prohibited.
The use of data for innovative & social good should be encouraged. Rather than prohibit data brokerage, it's recommended that a mechanisms through which data brokerage is regulated in order to facilitate usage of data, without compromising the rights of data subjects is provided
Accounting officers for data protection.
The Bill could also consider obliging Public Controllers and Processors and those that transact with significant amounts of personal information to appoint natural or corporate personalities responsible for Privacy and #Data Protection
Alternatively, the #DataProtection and Privacy Bill should hold the heads of the responsible public institutions accountable as an ‘Information Officer’ similar to the concept of the ‘Accounting Officer’, with a relevant technical staff.
Information fiduciaries.
The concept of ‘information fiduciaries’ should be taken into consideration.
In the law, a fiduciary is a person or business with an obligation to act in a trustworthy manner in the interest of another.
Therefore, in light of Information fiduciaries; Information Controllers and Processors could for example be required to comply with a set of fair information practices, including providing security and privacy guarantees.
Data localisation.
It is also proposed that the Bill should include a clause on Data Localisation. Data localisation rules require entities that collect data from members of the public to ensure that the data is stored within the geographical boundaries of Uganda.
Data localisation will help avert the risks associated with some operators hosting customer’s data outside Uganda and thereby exposing it to the risk of espionage and unlawful access. This will also allow easy monitoring of compliance with our data protection law.
The Commission is happy with proposed provisions of the Bill. This will balance concerns for both business players & the right to privacy of customers. The law will bring a strong & more coherent data protection framework that will allow the Ugandan digital economy to thrive.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to UCCat20
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!