Listen to This Article Enhance your reading experience by listening to this article.

As effects of Covid-19 bite, organisations working with key population demand proper measures to ensure confidential information is safe.

Harriet James @harriet86jim

As the country continues to progressively move into a digital era and the methods of data collection continue to evolve, protection of the right to privacy has become an issue of concern particularly to persons living with health issues.

Worse, with the emergent need to respond to Covid-19, there is need to ensure the government does not disregard the right to privacy in the name of tackling a public health crisis. 

Globally, while the pandemic has resulted in the invention of various digital solutions and surveillance tools targeted towards transmission monitoring and containment such as contact tracing applications, which entails identifying, assessing and managing people who have been exposed to the coronavirus, there is no clear guidance as on collection, storage and sharing of personal data or application of law to these contact-tracing programmes, which points to a lack of legal oversight, as there are no documented safeguards in case of any breaches. 

Holistic protection

“Without any legal foundation, it is difficult to ascertain whether the information collected will be used for its intended purpose or if concerns regarding ‘function creep’, where information being used for other law enforcement purposes are valid or not.

If there is even the slightest possibility the information collected, stored and shared could be used to target key populations or data breaches could occur, exposing stigmatised populations publicly, then restrictions need to be in place to safeguard the privacy rights of these vulnerable communities,” explains  Alan Maleche, Executive director KELIN during a stakeholders meeting to disseminate the report on enhancing privacy and confidentiality in the management of public health data.

In the meeting where various stakeholders in  data protection, HIV/Aids, human rights and public health gathered, various concerns were raised with regards to data collection and health privacy.  

The meeting also saw the unveiling of a report aimed at building capacities of persons living with HIV and key populations to effectively advocate for development of holistic privacy guidelines that integrate their rights and needs with regards to protection of their health data against a backdrop of data collection intensive schemes.

“Last year, KELIN reviewed the draft HIV and Aids prevention and Control (Privacy) regulations 2019 against the recently enacted Data Protection Act, 2019 and the key gaps in the act made us develop this report.

We also developed recommendation on whether or not the guidelines are in fact in line with the Data Protection Act, the Constitution and other international laws and standards; whether the guidelines safeguard the rights of data subjects; and whether the guidelines uphold the data protection principles,” says Maleche.

He adds that with the pandemic, the heightened vulnerability of people living with HIV/Aids (PLWHA) and key populations worsened, creating the need for a conversation around data protection and privacy. 

The report developed Covid-19 privacy concerns to advocate for development of privacy regulations that safeguard the privacy rights of PLWHA and key populations generally and during public health crisis such as epidemics and pandemics.

Despite the introduction of the Data Protection Act 2019, there is still need for the law to clarify the scope of lawful data use in the mitigation and containment of Covid-19 by all relevant government agencies and institutions. 

For instance, in the recent past, the Government has collected or attempted to collect personal data without the existence of a comprehensive legal and regulatory framework in place to ensure that the data collected, analysed and stored is protected. 

“There is need for sensitisation particularly for any institution that is handling data needs to understand that they are handling sensitive information.

People need to be assured that the data they have given, their names and mobile numbers, are safe and this is what data protection is all about,” says Nelson Otwoma, Executive director National Empowerment Network of People Living with HIV and Aids in Kenya (NEPHAK).

Consolidate policies 

Otwoma adds that individuals need to know where to report in case privacy has been breached, and that there are data protection officers within organisations who can ensure care is taken when handling such sensitive information. 

Issues were also raised on the HIV Index testing model, which entails provision of HIV testing services to family members of known PLWHA at increased risk of HIV infection such as sexual partners and children under 15 years.

While this is a successful way of ensuring the spread of the disease is managed, most participants were concerned on the level of information their partners should receive without consent.  

Participants called for government to consolidate policies relating to privacy and confidentiality particularly in HIV management and the general health data of PLWHA and key population.

They recommend it  should indicate how the data will be collected and safeguarded in line with human rights standards. 

“There should be effective application of laws in health service provision that guarantee a right to privacy.

They should also ensure all emergency numbers including curfew and restrictions on movement are legal, proportionate, necessary and non-discriminatory and do not put persons living with HIV and other key populations in a situation where they are forced or coerced to disclose their personal and health HIV information thereby increasing stigmatisation,” says Maleche in conclusion.