Skip to main content

What is Data Privacy and Protection?. Click here to read and Learn more.


 1. WHAT IS DATA AND WHAT AMOUNTS TO DATA?

Simply put, is information that describes or identifies someone or something. Personal data is any information (when exposed) that can allow someone else to identify you. Personal information can include pictures, texts, sounds, even your expression of an opinion (Facebook posts) like your National ID Number (NIN), age, nationality, occupation and academic qualifications, Email addresses, phone numbers, Salary details and Bank account information, family member personal details. This data should be protected at all costs because if can be harmful to the owner of the information if it is misused or falls into the wrong hands.

2. HOW DO OTHERS GET YOUR DATA?

There are usually 3 ways that people get your data;

VOLUNTARILY
in a perfect world, you would willingly give out your data. This is what the law also desires, that your personal data should only be given or taken with your permission (consent). If a person comes to your home and requests to know if own a mobile phone and the number so they can send you messages about what they sell, you have a choice to accept and give this information or to refuse. If you know what information is required and you make an informed decision about this information and the request and give it out, then you have voluntarily given your data to someone else. 

MANDATORY
However there are instances when the law requires certain data from you as a MUST or allows someone to take that data with or without your permission for a lawful specified purpose. For example a population census is a must and everyone is required to disclose certain information to the government whether they want to or not. 

This can include:
1. when there is mandatory immunization of children.
2. if there is a public duty that everyone must perform such as community cleaning, data about all residents in that area may be taken without their permission to make sure that everyone participates.
3. if it is a matter of national security such as when a crime needs to be prevented or to prosecute someone or carry out investigations. For example, if a person is arrested for defilement, then whether that person wants it or not, they must be tested for HIV so they will know his status whether he/she allowed it or not.
4. for medical purposes and for compliance with a legal obligation such as the payment of taxes. You do not give URA the permission to check your transactions or bank account details if they need the taxes that you have not paid.

AS A CONDITION FOR USE (QUALIFIED)
There are also times when to use a certain a service or product, is dependent on you giving your permission to collect and use your personal information. In this case, no one forces you to give consent (permission), but for you to proceed further, you must choose to give the consent. This is found when you download apps for your smartphone, or if you want to sign up for an email address or Facebook account. 


3. WHAT DO THOSE GETTING YOUR DATA NEED TO THINK ABOUT? 
The law (data protection and privacy act 2019) requires that anyone who collects or handles personal data from people should consider the following when collecting data. 

– Accountability to data subjects for data collected.
– Lawfulness;
– Fairness and transparency;
– Adequacy;
– Relevance
– Minimisation of data collected; (only take what is needed for the purpose)
– Data retention only for period authorised by law or purpose;
– Quality and accuracy of data collected, processed, used or stored;
– Transparency and participation of data subjects in collection, processing, use and storage of personal data; and
– Security safeguards in respect of personal data.

4. WHAT IS CONSENT?
Consent means to give permission for something to happen or agreement to do something. When dealing with personal data, the law requires that there is consent of that person whose data is being collected or handled.
This person should freely (willingly) and clearly indicates either in writing or by a clear positive action that they agree to their personal data being collected or used.
The consent exists if:
1. It is freely given,
2. After specific information about (what information they want, why, for what and for how long)
3. Unmistakable indication of the data subject’s wishes (accepting)

WHY IS CONSENT IMPORTANT?
Giving consent allows you to set limits on what can be done with your personal data. This is because your consent is what tells someone what they can collect, store and erase and how they can use your personal data. For example, if you gave a supermarket your address and your mobile number to deliver your groceries and later you find out they have used this information to advertise that you are their loyal customer to convince them to buy from the supermarket, then you can say that your rights were abused.
Consent gives you the right to seek legal help when you feel your privacy has been abused, because you know exactly what you allowed and what you rejected. 

5. WHAT ARE THE DIFFERENT STAGES YOUR DATA MAY GO THROUGH? 
When you are approached by someone who wants any personal information about you, your Data privacy and protection journey begins; First you are entitled to choose whether to share or keep your personal data. After giving this permission to someone, you are at the first stage of your journey.
A. COLLECTION.
This happens when someone asks and receives personal information about you. For example, if a person who is collecting information about salaries of people in your village comes to you and ask for where you work and how much you earn, then you give this information out, then that person will have collected your personal data. This is the first stage, and this person is called a Data collector. 

Storage (who keeps this – controller)
B. DATA CONTROLLER
Once you have given your data to someone, that person decides what, and how to handle and deal with your data. This includes decisions such as how long to keep it, what to do with it, and how to handle it for the purpose they gave you. This person who does this is called a Data Controller. For example, when a doctor asks for blood samples and information about your family health history, it is because they have a purpose in mind. The doctor then decides how they want to use this information and your samples to get to that result. This makes the doctor a data controller. Once you’ve given your data to an organization or individual, they decide how to handle and deal with your data.

C. PROCESSING
Sometimes the person who collects your personal data is not the same person who analyses it or organizes it. For example, if a company may send interns to collect personal information about people so that it can start selling in that area. When it gets this information, it gives it to another company to put it together and keep it for them. This process is what we call processing. This company or person receives that information for one of the reasons we have talked about and is called a Data Processor. 

6. WHAT SHOULD YOU DO IF YOU BELIEVE THAT YOUR RIGHTS HAVE BEEN ABUSED?
If somebody feels that their right has been abused, they would have to follow the following process to ensure that the infringer is punished:
Make a complaint in the prescribed manner to the Authority in writing. The Authority is known as National Information Technology Authority – Uganda (NITA-U)

7. RIGHTS OF DATA SUBJECTS
The most important right every person has is the right to limit how much of their personal information is taken. This is by giving or refusing to give consent. However apart from this, there are other rights every one of us has a person with personal data (We are called Data subjects).
• Access to your personal data
You have the right to ask to access any information you gave out to another person or organisation for example you can ask the any hospital with your medical information to let you have a copy and to see what ‘they have on you.’ Remember to provide proof of identity to before asking for this information.
You are entitled to this information immediately or within 30 days, 

• Prevent Processing of personal data.
When you give out personal data, the person you give it to can choose to organise it, alter how it is arranged and even erase some (these actions are known as processing). However you are entitled to tell him/her not to stop doing of this to your personal data if you believe it is likely to cause unjustified substantial damage or distress to you.
In addition, if you find out that there is an automated mode of processing of your personal data, you can ask that the decision to alter, organise or handle your information is revised and reconsidered.
Make sure you write to the people with your personal data to tell them to stop. 

• Stop use of personal data for marketing
If you do not want your personal data handled and used for marketing purposes, you have a right to prevent this.

If you have or attempt to enforce any of these rights and the person or entity with your personal data refuses to fulfil your request, then you still have a right to complain to NITA (the authority that regulates how your personal data is used) about your rights. As a result, you may be compensated for any damage or distress you suffer as a result of this violation.


#BarefootLaw


#osutayusuf

Comments

Post a Comment

Popular posts from this blog

Vurra Constituency MP Adriko Yovan gets six months imprisonment for failing to repay loan.

📸: Hon Adriko Yovan. Story By Andrew Cohen Amvesi. ARUA . Yovan Adriko, the Vurra County Member of Parliament (MP) in Arua district has been committed to six months civil prison for failing to clear debts amounting to shs55,677,400. Adriko was on Thursday evening sent to Arua government prison to serve six months shortly after his arrest at Slumberland hotel in Arua City. MP Adriko warrant of committal judgement debtor to jail. Paul Mawa of T/A Vitality Associates, the court bailiff assigned to arrest the MP, duped him to come and pick some money for a land transaction at Slumberland hotel where he picked him like a baby after a long hunt. Adriko was immediately arraigned before Her Worship Karungi Leo, the Deputy Registrar of Arua High Court who later committed him to imprisonment not exceeding six months. Part of Adriko’s warrant of arrest issued b court Adriko was sent to the coolers for failing to clear shs48m which is the princip
1 comment
Read more

Arrested Arua City Officials Taken to Kampala this Night.

Wednesday 8-November-2023. 📸: The arrest of Arua City Physical Planner Mr Findru Moses on 6-Nov-2023 at around 2pm. 📸: Mr Jobile Cornelius the City Deputy town clerk who was arrested on 7-Nov-2023 at around 4pm. 📸: Mrs Lillian Aleni (in red cloth) and Mr Edoni Benard being handcuffed by police officer on 6-Nov-2023 at around 6pm. The bail that was to be issued last night 8pm 7-Nov-2023 to release the arrested City Deputy town clerk Mr Jobile Cornelius and CFO Mr Sam Adriko over mismanagement of government properties and monies was canceled, and by this time of the night 11pm, highly placed sources leaked that, all the arrested suspects (Mr Findru Moses the Arua City Physical Planner, Mr Jobile Cornelius the Deputy City clerk, Mr Adriko Sam the CFO, Mr Edoni Benard the PDM BOG Chairperson for Pangisa ward and Mrs Lillian Aleni the parish chief for Pangisa ward) are being transported by State House Anti-corruption Unit officers who will soon be reac
Post a Comment
Read more

Wedded Ayivu West MP Lematia John Fights Over Another Woman.

  📸: Hon Lematia John. By URN. Police in Arua district are investigating a case of assault and threatening violence involving the Member of Parliament for Ayivu West Constituency John Lematia and James Ariko, a DSTV technician in Arua city. Drama ensued on Easter Sunday 31-3-2024 at Dream Land Hotel located at Kuluva trading center along Arua-Nebbi highway in Arua district when the legislator and the technician engaged in a fight reportedly over a woman identified as Faith Eyotaru 25, a relationship officer at Victoria University Kampala. The scuffle started after Ayivu West Mp John Lematia went to swim at Dreamland Hotel with Faith Eyotaru only to find Ariko, who had gone to the same hotel earlier. However, upon seeing the duo coming out of the vehicle, Ariko confronted Lematia with both men claiming to be having a relationship with the lady. It took the intervention of the staff at the hotel who intervened and separated the fight between the men. Josephine Angucia, the West Nile re
Post a Comment
Read more