A prominent blogger was recently charged under section 72 (3) as read with section 73 of the Data Protection Act. The blogger was charged with unlawfully disclosing personal data belonging to a well-known social media influencer.
Since the case is still in court, discussions around it are limited. However, the main issue remains: tea versus data privacy, what’s all the fuss about (disregarding the alleged political drama behind it)?
The Offence
Section 72 of the Act outlines the offence of unlawful disclosure of personal data by providing that anyone who, without lawful excuse, discloses personal data in any manner that is incompatible with the purpose for which such data has been collected, commits an offence.
Subsection 2 further makes it an offence to disclose such personal data without the prior authority of the data owner without any lawful excuse. Upon conviction under the act, the general penalty as per Section 73 includes a fine not exceeding Sh3 million or an imprisonment term not exceeding 10 years, or to both.
In addition to this, a court may order the forfeiture of any equipment or any article used or connected in any way with the commission of said offences; or order or prohibit the doing of any act to stop a continuing contravention.
Serving Tea
The Urban dictionary defines ‘tea’ as juicy gossip. The ‘tea’ or gossip is usually some scandalous information about a celebrity or prominent individual. The ‘juicier’ the tea, the more chances of it going viral, which results in more publicity for the informant, which is typically a good thing within the social media scene.
Thanks to the wonderful world of social media, a crop of individuals have emerged who seem to eke a living out of airing the private details and data of public personalities with the hopes of garnering likes and followers regardless of the effect this might have on people’s reputation, careers, marriages or even innocent children in families caught up in such entanglements.
The belief is that all this is legal and within the freedom of speech and other constitutional freedoms. However, like most millennial relationships on Facebook, this is complicated.
Principles of Data Privacy
Article 31 of the Kenyan constitution provides for the right to privacy by stating that everyone is entitled to privacy which includes the right not to have; their person, home or property searched; their possessions seized; information relating to their family or private affairs unnecessarily required or revealed; or the privacy of their communications infringed.
Section 25 (a) of the Data Protection Act further mandates individuals to ensure that for every personal data processed, collected, or shared, it is done so in line with the right to privacy of the data owner. The Act, which is in line with the General Data Protection Regulation (GDPR), attempts to revert power and control of personal data back to an individual.
Section 30 of the Act provides for lawful processing of personal data which includes for purposes such as historical, statistical, journalistic, literature and art or scientific research or even public interest. It is evident that gossip or ‘serving tea’ is not listed in this act neither can one claim that it falls within the scope of journalism or is for public interest.
Expectation of privacy
There is an expectation of privacy when it comes to dealing with the private data of others, for whatever purpose it is. This expectation may be shattered in pursuit of national security or when such information is shared publicly by its owner. When an individual shares their information publicly on social media for the entire universe to view and access it, then the expectation of privacy automatically ends.
Section 28 (2) of the Act alludes to this by providing that private data may be collected indirectly from the owner by anyone provided that such data is contained in a public record, or the owner has deliberately made the data public, or has consented to the collection from another source. One may argue that posting information on social media is either making the data public or consenting to the collection of such data from another source. Following this line of thought, is consent really needed for data that the individual has already publicly shared on their own public social media page?
On the other hand, section 26 of the Act provides that the data owner is entitled to the right to be informed of the use to which their personal data is to be put, to object to its processing, as well as being entitled to the correction or deletion of false or misleading data about them.
The question then would be, do these rights end the moment the data owner on their own volition shares their data publicly? Another question to ponder is whether one can still share data that was made public by the data owner even after the owner has objected to such. A case in point would be that of the Kenyan teen who shared a video of her family’s swanky abode only to receive backlash later leading to her plea to netizens to cease from resharing the video.
Conclusion
The right to privacy will always be weighed against the right to free speech. Some legal commentators have argued that free speech should trump the right to privacy, some stating that it is vital for a society to possess the ability to pass on information about other people to establish a good or bad reputation about them.
Despite the murkiness of data privacy and social media, it is hard to argue that any data shared publicly by the owner on social media warrants protection as private data. However, freedom of speech cannot be the weapon used to destroy data privacy, especially when the goal is to gain more followers online with no regard to the consequences on innocent lives.