Presentation on theme: "International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry."— Presentation transcript:
International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry and Data Protection Stakeholders PRESENTATION ON SADC DATA PROTECTION MODEL LAW/ TRANSPOSITION APPROACH Samson Muhapi, ITU National Legal Expert on Data Protection
Summary of the Content National assessment –Policy and Legislative frameworks Summary of Conflict and Gaps Recommendations
In-country Assessment Communications Act, 2009 Namibia Central Intelligence Act, 1997 Statistics Act, 2011 Financial Intelligence Act, 2007 Anti-Corruption Act, 2003 Children’s Status Act, 2006 Prevention of Organised Crime Act, 2004 Namibian Constitution, 1990 Health related legislation Research, Science and Technology Act, 2004
Cont…… Electoral Act, 1992 Police Act, 1990 International Co-operation in Criminal Matters Act, 2000 Information Technology Policy, 2008 Vision 2030 Policy Framework
Cont…… Namibia ICT Policy, 2004 National Development Plans (NDPs) Draft Electronic Transactions Bill (2013) Draft Financial Institutions and Markets Bill (2013) Draft NAMFISA Bill (2013
Assessment: Statistics Act, 2011 Sec 5(1) sets out the objectives of the NSA; - Sec 4(2) relates to the purpose and principles
Statistics Act, 2011 Sec 34 –imposes obligation- on the Statistician - General to publish Codes of Practice with regard to ethical and professional standards to be adhered to in the collection and processing of data;
Statistics Act, 2011 Sec 36 looks at the quality criteria, information and records, etc to be furnished as well as the right of access to the data by researchers.
Statistics Act, 2011 Sec 36 standards and security of networks Sec 36 conforms to the requirements of sections 24 and 25 of the Model Law
Namibia Central Intelligence Act, 1997 Sections 6, 24 and 25 deals with the manner in which lawful collection of information may be authorised by the DG in the process of monitoring and interception of communications
Communications Act, 2009 Part 6 of the Act dealing with interception of telecommunications – is yet to come into operation. Interception Centres-Sec 70(1) Staff of Interception centres sec 70(2)
Communications Act, 2009 Subsec (2) provides for the staffing of such interception centres, which, in terms of the Data Protection Model Law, could be categorised as data controllers; Subsec (6) provides for the appropriation of funds by Parliament- for purposes of funding the establishment and activities of interception centres. Such moneys to be dealt with in accordance with section 10 of the NCIS Act, 1997;
Communications Act, 2009 Of importance is subsec (8) which provides that where any law authorises any person or institution to intercept or monitor electronic communications or to perform similar activities, that person or institution may forward a request together with any warrant that may be required under the law in question to the head of an interception centre.
Communications Act, 2009 In essence, interceptions of and or monitoring of electronic communications, are only authorised under the NCIS Act, 1997; Other relevant provisions of this Act in relation to data protection are sections 70(9) –dealing with decoding and decryption to make the information obtained intelligible
Anti-Corruption Act, 2003 Sec 27 may be relevant to the data protection model law. This section deals with access to bank accounts, purchase accounts, share accounts, expense accounts or any other account, by police. The only requirement in terms of sec 27(1) is that the Director or Deputy Director or investigating officer authorised by the Director or Deputy Director, may require access to and investigation into accounts mentioned above……….
Financial Intelligence Act, 2007 Sec 15 imposes a duty on accountable institutions to keep records in the manner and form set out in sec 20 and 22. Such copies must be kept for a period of not less than five years;
FIA Act, 2007 Sec 16 relates to right of access to information kept by third parties; Sec 20 deals with the analysis of reports received, while sec 22 deals with the internal rules concerning reporting of suspicious or unusual transactions
FIA Act, 2007 Sec 22(d) places emphasis on responsibility and accountability of accountable institutions (compatible with accountability requirement of the model law- see sec 11); Sec 22(a) and (b) provides for the requirement of “necessity” in the processing of information (which is in line with the model law-see sec 32)
Summary of conflict with Model Law Sec 23 of the Model Law- imposes a duty to process person data on the Data Protection Authority as opposed to interception centres- as required by section 70(8) of the Communications Act, 2009; In terms of the limitation clause (sec 42), interceptions and monitoring could be classified as matters falling under national security, crime, journalism, etc, and thus be excluded from application of this model law.
Summary of conflict Both the Com Act and NCIS Act are silent on right of access to personal data by data subjects on personal information processed by data controllers Both the Com Act and NCIS Act are silent on issues of rectification Although Sec 6 of the Com Act makes provision for the establishment of interception centres, it does not expressly provide for interceptions and monitoring to be carried out subject to suspicious criminal activities which conflicts with the Policy statement in clause 7.2 of ICT Policy 2008
Recommendations Model Law is compatible with Art. 13 of the Constitution (right to privacy); It is compatible with Vision 2030, NDPs and the Information and Communication Policies 2004 and 2008;
Recommendations The above policies allows for the adoption of Data Protection Policy and Regulatory Framework The adoption of the Model Law will provide greater legal certainty by introducing a harmonised set of core values, rules and protection of fundamental rights
Recommendations Both the data subjects and data controllers will benefit from a harmonised SADC Data Protection Model Law rules and procedures ensuring consistent enforcement of data protection rules; Individuals will enjoy better control of their personal data and trust the digital environment; They will also encounter reinforced accountability of those processing their personal data.
Thank You Questions? Samson Muhapi ITU National Law Expert: Data Protection Pria Chetty ITU International Law Expert: Data Protection