Privacy Score Card Report
- C1P1T |
- November 11, 2022 |
- Reports
Together with Unwanted Witness (UW) the Center for Intellectual Property and Information Technology Law (CIPIT) contributed to towards the 2022 Privacy Score Card report where we evaluated data protection compliance in three sectors in Kenya and Uganda. The evaluation focused on the financial services, telecommunication and e-commerce sectors. The primary methodology for the evaluation looked at the privacy policies of 2 select companies within the sectors and assessing the privacy policies through five core indicators.
-
Existence of an accessible public, readable, and noticeable privacy policy
-
Informed consent: this looked at the company’s contact details, purpose of data collection, type of data being collected, rights of the data subject
-
Data Collection and Third – party data transfer: Information on which parties have access to collected data
-
Data Security: security of the web browser, validity of the website, technical and organizational measures utilized to secure data.
-
Accountability: Published transparency report in the year under review.
The primary findings from the report showed,
-
There is ongoing compliance with data protection laws, however, there are gaps and areas of improvement that need to be addressed.
-
The compliance of the Kenyan sectors stood at 47.4%
-
Compliance in the Kenyan financial sector stood at 49%, the e-commerce sector stood at 53.8% and the telecommunication sector stood at (39.4%)
The percentages reflected above are a measure of compliance of the companies in the respective sectors on account of the evaluation on their respective publicly available privacy policies and not internal data protection and privacy policies.
This report reflects the findings from Kenya. The findings of both Kenya and Uganda are reflected in the 2022 Privacy Score Card.