HIPSSA Project. Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry and Data Protection Stakeholders. PRESENTATION ON SADC DATA PROTECTION MODEL LAW/ TRANSPOSITION APPROACH Samson Muhapi ,
HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry and Data Protection Stakeholders PRESENTATION ON SADC DATA PROTECTION MODEL LAW/ TRANSPOSITION APPROACH Samson Muhapi, ITU National Legal Expert on Data Protection
Summary of the Content • National assessment – Policy and Legislative frameworks • Summary of Conflict and Gaps • Recommendations
In-country Assessment • Communications Act, 2009 • Namibia Central Intelligence Act, 1997 • Statistics Act, 2011 • Financial Intelligence Act, 2007 • Anti-Corruption Act, 2003 • Children’s Status Act, 2006 • Prevention of Organised Crime Act, 2004 • Namibian Constitution, 1990 • Health related legislation • Research, Science and Technology Act, 2004
Cont…… • Electoral Act, 1992 • Police Act, 1990 • International Co-operation in Criminal Matters Act, 2000 • Information Technology Policy, 2008 • Vision 2030 Policy Framework
Cont…… • Namibia ICT Policy, 2004 • National Development Plans (NDPs) • Draft Electronic Transactions Bill (2013) • Draft Financial Institutions and Markets Bill (2013) • Draft NAMFISA Bill (2013)
Assessment: Statistics Act, 2011 • Sec 5(1) sets out the objectives of the NSA; • Sec 4(2) relates to the purpose and principles
Statistics Act, 2011 • Sec 34 imposes an obligation on the Statistician-General to publish Codes of Practice with regard to ethical and professional standards to be adhered to in the collection and processing of data;
Statistics Act, 2011 • Sec 36 looks at the quality criteria, information and records, etc. to be furnished as well as the right of access to the data by researchers.
Statistics Act, 2011 • Sec 36 standards and security of networks • Sec 36 conforms to the requirements of sections 24 and 25 of the Model Law
Namibia Central Intelligence Act, 1997 • Sections 6, 24 and 25 deal with the manner in which lawful collection of information may be authorised by the DG in the process of monitoring and interception of communications
Communications Act, 2009 • Part 6 of the Act dealing with interception of telecommunications – is yet to come into operation. • Interception centres – Sec 70(1) • Staff of interception centres – Sec 70(2)
Communications Act, 2009 • Subsec (2) provides for the staffing of such interception centres, which, in terms of the Data Protection Model Law, could be categorised as data controllers; • Subsec (6) provides for the appropriation of funds by Parliament for purposes of funding the establishment and activities of interception centres. Such moneys to be dealt with in accordance with section 10 of the NCIS Act, 1997;
Communications Act, 2009 • Of importance is subsec (8) which provides that where any law authorises any person or institution to intercept or monitor electronic communications or to perform similar activities, that person or institution may forward a request together with any warrant that may be required under the law in question to the head of an interception centre.
Communications Act, 2009 • In essence, interception and/or monitoring of electronic communications are only authorised under the NCIS Act, 1997; • Other relevant provisions of this Act in relation to data protection are sections 70(9) – dealing with decoding and decryption to make the information obtained intelligible
Communications Act, 2009 • Sec 70(10) and (11) • Sec 71 • Sec 72 • Sec 73 • Sec 74 • Sec 75 and • Sec 76
Anti-Corruption Act, 2003 • Sec 27 may be relevant to the data protection model law. This section deals with access to bank accounts, purchase accounts, share accounts, expense accounts or any other account, by police. • The only requirement in terms of sec 27(1) is that the Director or Deputy Director or investigating officer authorised by the Director or Deputy Director, may require access to and investigation into accounts mentioned above……….
Financial Intelligence Act, 2007 • Sec 15 imposes a duty on accountable institutions to keep records in the manner and form set out in sec 20 and 22. • Such copies must be kept for a period of not less than five years;
FIA Act, 2007 • Sec 16 relates to right of access to information kept by third parties; • Sec 20 deals with the analysis of reports received, while sec 22 deals with the internal rules concerning reporting of suspicious or unusual transactions
FIA Act, 2007 • Sec 22(d) places emphasis on responsibility and accountability of accountable institutions (compatible with the accountability requirement of the Model Law – see sec 11); • Sec 22(a) and (b) provide for the requirement of “necessity” in the processing of information (which is in line with the Model Law – see sec 32)
Summary of conflict with Model Law • Sec 23 of the Model Law imposes a duty to process personal data on the Data Protection Authority as opposed to interception centres, as required by section 70(8) of the Communications Act, 2009; • In terms of the limitation clause (sec 42), interceptions and monitoring could be classified as matters falling under national security, crime, journalism, etc., and thus be excluded from application of this Model Law.
Summary of conflict • Both the Com Act and NCIS Act are silent on the right of access by data subjects to personal information processed by data controllers • Both the Com Act and NCIS Act are silent on issues of rectification • Although Sec 6 of the Com Act makes provision for the establishment of interception centres, it does not expressly provide for interceptions and monitoring to be carried out subject to suspicious criminal activities, which conflicts with the Policy statement in clause 7.2 of ICT Policy 2008
Recommendations • Model Law is compatible with Art. 13 of the Constitution (right to privacy); • It is compatible with Vision 2030, NDPs and the Information and Communication Policies 2004 and 2008;
Recommendations • The above policies allow for the adoption of a Data Protection Policy and Regulatory Framework • The adoption of the Model Law will provide greater legal certainty by introducing a harmonised set of core values, rules and protection of fundamental rights
Recommendations • Both the data subjects and data controllers will benefit from a harmonised SADC Data Protection Model Law rules and procedures ensuring consistent enforcement of data protection rules; • Individuals will enjoy better control of their personal data and trust the digital environment; • They will also encounter reinforced accountability of those processing their personal data.
Thank You Questions? Samson Muhapi ITU National Law Expert: Data Protection Pria Chetty ITU International Law Expert: Data Protection