EDITORIAL: Data protection law long overdue, fast-track it

Wednesday November 11 2020

It is not enough to just have the legislation, there is need to ensure that it is implemented. PHOTO | FILE


The Office of the Prime Minister issued a statement on the Cabinet decisions of October 27, which, among other things, approved the Bill seeking to protect data and privacy.

Given the increasing number of Rwandans who have access to digital services, the enactment of this law is long overdue. Millions of Rwandans are already accessing digital platforms for social networks, studying and work.

Since 2015, the government portal — Irembo has upgraded its operations, increasing access to public services online. Over 25 public services are now available online.

In the private sector, more businesses have migrated their services online and are aggressively rolling out digital products.

Now the Covid-19 pandemic has made digital migration inevitable. The pandemic has forced many to start working remotely and homeschooling is now possible on digital platforms.

Yet, as more people embrace digital platforms, there is a real risk that they may become targets for cyber criminals and their personal information may be misused.


However, it is important that the purpose of personal data protection is not to just protect a person's data, but to protect the fundamental rights and freedoms of persons that are related to that data.

While protecting personal data it is possible to ensure that persons’ rights and freedoms are not being violated.

For example, incorrect processing of personal data, could bring about a situation where a person’s confidential information is leaked.

Secondly, not complying with the personal data protection regulations can lead to even harsher situations, where it’s possible to extract all the money from a person’s bank account or even cause a life-threatening situation by manipulating health information.

Thirdly, data protection regulations are necessary for ensuring fair and consumer friendly e-commerce and provision of services.

Personal data protection regulations cause a situation, where, for example, personal data can’t be sold freely which means that people have a greater control over who makes them offers and what kind of offers they make.

If personal data is leaked, it can cause companies significant damage to their reputation and also bring along penalties, which is why it is important to comply with the person data protection regulations.

To ensure that personal data is secure, it’s important to know what data is being processed, why it’s being processed and on what grounds. In addition, it’s important to identify which safety and security measures are in use.

The government has to do more to increase awareness about the rights and responsibilities of citizens and the different stakeholders that actively collect personal data.

The bigger challenge remains with enforcement of the bill once it has been passed by parliament. It is not enough to just have the legislation, there is need to ensure that it is implemented.