Skip to main content
SpringerLink
Log in

Consolidating the Right to Data Protection in the Information Age: A Comparative Appraisal of the Adoption of the OECD (Revised) Guidelines into the EU GDPR, the Ghanaian Data Protection Act 2012 and the Kenyan Data Protection Act 2019

  • Conference paper
  • First Online:
Innovations and Interdisciplinary Solutions for Underserved Areas (InterSol 2020)

Abstract

The proliferation of ICTs and computational power in processing personal information has long been documented to expose individuals to risks of privacy violations and other fundamental rights abuses. This prompted calls, about five decades ago, for the development of legal regimes laying specific rules to follow when processing personal information, especially with the use of ICTs, in order to protect fundamental individual rights. Deliberations in this direction were undertaken at the OECD, and led to the adoption of the OECD Guidelines of Privacy Protection in September 1980 (revised in July 2013), which listed eight principles of data processing on which national and supranational regimes were expected to build personal data processing laws.

This paper attempts a comparative review on how these principles are consolidated in relevant European and African legislation: that is, between the EU’s GDPR on the one hand and the Ghana and Kenyan data protection instruments on the other. Being a more advanced legal regime in terms of data protection, the GDPR serves here as a measuring rod to examine how the basic OECD Principles are reflected in the personal data processing rights and obligations provided in the Ghana Data Protection Act of 2012 and the Kenyan Data Protection Act of 2019. The paper concludes with a general note that while the Kenyan legislation appears mostly copied from and consolidates OECD data protection principles more or less exactly like the GDPR, the Ghanaian Act offers comparatively less rigorous protection in some areas.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The Organisation for Economic Co-operation and Development is an intergovernmental economic organisation with 36 member countries, founded in 1961 to stimulate economic progress and world trade. See www.oecd.org. Accessed 14/9/2019.

  2. 2.

    Article 1(b), OECD Revised Guidelines 2013.

  3. 3.

    Economic Community of West African States (ECOWAS) Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS.

  4. 4.

    African Union Convention on Cyber security and Data Protection, 2014.

  5. 5.

    See the Working Party for Information Security and Privacy (WPISP). 2011. The evolving privacy landscape: 30 years after the OECD Privacy Guidelines. Directorate for Science, Technology and Industry—Committee for Information, Computer and Communications Policy, DSTI/ICCP/REG(2010)6/FINAL,6.4.2011. DSTI/ICCP/REG(2010)6/FINAL. P.12.

  6. 6.

    Recommendations of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (23 September 1980).

  7. 7.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L281, 23/11/1995, 0031–0050. Retrieved from https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A31995L0046. Accessed 25th February 2020.

  8. 8.

    Communication From The Commission To The European Parliament, The Council, The European Economic And Social Committee And The Committee Of The Regions Safeguarding Privacy in a Connected World A European Data Protection Framework for The 21st Century COM/2012/09 Final (2012). Retrieved from https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A52012DC0009. Accessed 25th February 2020.

  9. 9.

    Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32002L0058. Accessed 25th February 2020.

  10. 10.

    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016L0680. Accessed 25th February 2020.

  11. 11.

    Ghana Data Protection Act 2012.

  12. 12.

    ‘Legitimate interest’ could exist when there is a relevant relationship between the data controller and data subject, like where the data subject is a client or is at the service of the data controller (Recital 47 GDPR).

  13. 13.

    This principle founded the decision of the Ninth Circuit Court of Appeal in the famous US case of Spokeo v. Robbins, 867 F. 3d 1108 - Court of Appeals, 9th Circuit 2017. The Court found that Mr Robbins had grounds to sue an employment placement company for having, on his profile, and for not taking the necessary steps to update inaccurate information about his marital and employment status, age and educational background, which could have been the reason why he could not find a job through that company.

  14. 14.

    Ideally, a data protection supervisory authority is an independent public authority in charge of overseeing compliance with data protection principles in a given jurisdiction. The GDPR’s Article 51 requires each EU Member state to create at least one within each territory. In Ghana, the role is fulfilled by the Data Protection Commission, created by Article 1 of the Data Protection Act. In Kenya, the 2019 Data Protection Act 2019 establishes the Office of the Data Protection Commissioner in its Article 5.

  15. 15.

    See Paragraph 99 of the ECJ’s decision in Google Spain SL, Google Inc v Agencia Española de Protección de Datos and Mario Costeja González [2014] ECLI:EU:C:2014:317.

  16. 16.

    European Commission, Commission Staff Working Paper SEC (2012) 72 final. Impact Assessment Accompanying the General Data Protection Regulation (2012), p. 100.

  17. 17.

    A personal data breach is defined by Article 4(12) of the GDPR as a ‘breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’.

  18. 18.

    Article 2 of the Kenyan Data Protection Act adopts exactly the same definition of a personal data breach as Article 4(12) of the GDPR.

References

  1. Solove, D.: The new vulnerability: data security and personal information. In: Chander, A., Gelman, L., Radin, M.J. (eds.) Securing Privacy in the Internet Age. Stanford University Press (2008)

    Google Scholar 

  2. Xavier, C., Bosua, R., Maynard, S.B., Ahmad, A.: The Internet of Things (IoT) and its impact on individual privacy: an Australian perspective. Comput. Law Secur. Rev. 32(1), 4–15 (2016)

    Article  Google Scholar 

  3. González Fuster, G.: The emergence of personal data protection as a fundamental right of the EU. LGTS, vol. 16. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-05023-2

    Book  Google Scholar 

  4. Nam, T.: What determines the acceptance of government surveillance? Examining the influence of information privacy correlates. Soc. Sci. J. 56, 530–544 (2018)

    Article  Google Scholar 

  5. Lynskey, O.: The Foundations of EU Data Protection Law. Oxford University Press, Oxford (2015)

    Google Scholar 

  6. Bennett, C.J.: Regulating Privacy: Data Protection and Public Policy in Europe and the United States. Cornell University Press, New York (1992)

    Book  Google Scholar 

  7. Hustinx, P.: EU data protection law: the Review of Directive 95/46/EC and the proposed General Data Protection Regulation. Collected courses of the European University Institute’s Academy of European Law, 24th Session on European Union Law, pp. 1–12 (2013)

    Google Scholar 

  8. Greenleaf, G.: Global data privacy laws 2017: 120 national data privacy laws, including Indonesia and Turkey. Privacy Laws & Business International Report, 10-13, UNSW Law Research Paper No. 45. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2993035. Accessed 11 Oct 2019

  9. Bignami, F.: The case for tolerant constitutional patriotism: the right to privacy before the european courts. Cornell Int. Law. J. 41, 211 (2008)

    Google Scholar 

  10. De Hert, P., Gutwirth, S.: Data protection in the case law of Strasbourg and Luxemburg: constitutionalisation in action. In: Gutwirth, S., Poullet, Y., De Hert, P., de Terwangne, C., Nouwt, S. (eds.) Reinventing Data Protection?. Springer, Dordrecht (2009). https://doi.org/10.1007/978-1-4020-9498-9_1

    Chapter  Google Scholar 

  11. Solove, D.: The Digital Person: Technology and Privacy in the Information Age, vol. 1. NyU Press, New York (2004)

    Google Scholar 

  12. Arzt, C.: Data protection versus Fourth Amendment privacy: a new approach towards police search and seizure. Crim. Law Forum 16(3), 183–230 (2005). https://doi.org/10.1007/s10609-005-4143-9

  13. Solove, D.: Why I Love the GDPR: 10 Reasons. https://teachprivacy.com/why-i-love-thegdpr/. Accessed 11 Oct 2019

  14. Dagbanja, D.N.: The right to privacy and data protection in Ghana. In: Makulilo, A.B. (ed.) African Data Privacy Laws. LGTS, vol. 33, pp. 229–248. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47317-8_10

    Chapter  Google Scholar 

  15. Omane Boamah, E.K.: Minister for Communications at The Launch Of The Data Protection Commission On 18th November 2014 at The International Conference Centre (Data Protection Commission). https://dataprotection.org.gh/resources/downloads/conference/10-final-speech-of-the-hon-minister-of-communications-at-the-launch-of-the-data-protection-act/file. Accessed 11 Oct 2019

  16. Agyei-Bekoe, E.: Empirical Investigation of the Role of Privacy and Data Protection in the Implementation of Electronic Government in Ghana. A Doctoral Thesis Submitted in Partial Fulfilment of the Award of Doctor of Philosophy Faculty of Technology, Centre for Computing and Social Responsibility De Montfort University, September 2013

    Google Scholar 

  17. Makulilo, A.B., Boshe, P.: Data protection in Kenya. In: Makulilo, A.B. (ed.) African Data Privacy Laws. LGTS, vol. 33, pp. 317–335. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47317-8_15

    Chapter  Google Scholar 

  18. Pangrazio, L., Selwyn, N.: Personal data literacies’: a critical literacies approach to enhancing understandings of personal digital data. New Media Soc. 21(2), 419–437 (2019)

    Article  Google Scholar 

  19. Fuster, G.G.: Inaccuracy as a privacy-enhancing tool. Ethics Inf. Technol. 12(1), 87–95 (2010)

    Article  MathSciNet  Google Scholar 

  20. Wachter, S., Brent M.: A right to reasonable inferences: re-thinking data protection law in the age of big data and AI. Columbia Business Law Review (2019)

    Google Scholar 

  21. De Hert, P., Papakonstantinou, V., Wright, D., Gutwirth S.: The proposed Regulation and the construction of a principles-driven system for individual data protection. Innovation: Euro. J. Soc. Sci. Res. 26(1–2), 133–144 (2013)

    Google Scholar 

  22. Coudert, F.: Towards a new generation of CCTV networks: erosion of data protection safeguards?. Comput. Law Secur. Rev. 25(2), 145–154 (2009)

    Google Scholar 

  23. Stevens, G.M.: Data security breach notification laws. CRS Report for Congress (2012). http://dev.journalistsresource.org/wp-content/uploads/2012/04/R42475.pdf. Accessed 13 10 2019

  24. Makulilo, Alex B.: “One size fits all”: does Europe impose its data protection regime on Africa? Datenschutz und Datensicherheit-DuD 37(7), 447–451 (2013)

    Article  Google Scholar 

Download references

Acknowledgments

This research is funded by the Erasmus Mundus program LAST-JD (Joint International Ph.D. in Law, Science and Technology) coordinated by the University of Bologna.

Author information

Authors and Affiliations

  1. Joint International PhD in Law, Science and Technology (LAST-JD) CIRSFID, University of Bologna, Bologna, Italy

    Rogers Alunge

Authors
  1. Rogers Alunge
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rogers Alunge .

Editor information

Editors and Affiliations

  1. African Climate and Development Initiative, University of Cape Town, Cape Town, South Africa

    Jessica P. R. Thorn

  2. Université Alioune Diop de Bambey, Bambey, Senegal

    Assane Gueye

  3. Department of Animal and Plant Sciences, University of Sheffield, Sheffield, UK

    Adam P. Hejnowicz

Rights and permissions

Reprints and permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alunge, R. (2020). Consolidating the Right to Data Protection in the Information Age: A Comparative Appraisal of the Adoption of the OECD (Revised) Guidelines into the EU GDPR, the Ghanaian Data Protection Act 2012 and the Kenyan Data Protection Act 2019. In: Thorn, J., Gueye, A., Hejnowicz, A. (eds) Innovations and Interdisciplinary Solutions for Underserved Areas. InterSol 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 321. Springer, Cham. https://doi.org/10.1007/978-3-030-51051-0_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-51051-0_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-51050-3

  • Online ISBN: 978-3-030-51051-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation