By John Walubengo
As countries continue to digitize their socio-economic spheres, the value of their digital activities and footprints begins to accrue national strategic importance—politically, economically, legally, and socially.
Questions around who is collecting their data, where it is located, and how it is being used while in store become increasingly important.
In Kenya, these issues began to come to the forefront during the 2017 Presidential petition, when some lawyers told the Supreme Court that access to Kenyan election data could not happen because the data is in some ‘French Cloud’ and the French technicians were soundly asleep. So, the Kenyan highest court in the land was advised to bear with the French until they woke up from their slumber and then attend to their request.
Whereas the lawyer was completely lost on the technical aspects of cloud computing, it did focus on the need for the country to be careful about which national data sets should be kept within its borders and which ones may be open to being kept beyond our borders and wherever one deems fit.
Where should data of strategic national importance be located, and why should that be important?
Domestic versus International data storage
At a personal level, we tend to think our data is of no national significance. However, we need to remember that each personal or individual dataset and activity, cumulatively and over time, is consolidated into a national profile of Kenyans and their thinking, attitudes, and disposition.
For example, Google has recently published country-based reports on what different nations are searching for online. If Google was evil, it probably would not share these insights and may quietly use them against us – given that they know our collective national psyche.
Knowledge is, after all, power.
Suppose I knew from the search datasets that the collective desire for the Kenyan youth is drugs, alcohol, prayer, or English football. In that case, I could use that insight in so many ways – positive or negative – depending on how one viewed Kenya in terms of being a friend or a foe.
Some countries have taken regulatory steps and deliberately forced big tech companies like Google, Facebook, Apple, and Amazon to localize these types of citizen data – have it located in data centres domiciled in European Union territory.
That would not stop the big tech countries from mining the national level insights, but at least it would give the EU governments some form of access to a physical ‘kill-switch’ on an EU territory-based data centre – in the unlikely event that the big tech begins to abuse the insights drawn from European Citizens.
Should Kenya do the same?
Yes and NO.
Our context is slightly different because our Data Centre infrastructure is not yet at the EU level. Simple things like cost, quality and reliability of electrical power needed to power top-level (Tier4) Data Centres is not globally competitive.
Forcing Kenyan citizens, SMEs, and corporates to only store their data locally may look like promoting the development of the local Data Centre Infrastructure, but it could also make business operations, particularly for small start-up communities that depend on big tech Cloud Infrastructure very un-competitive.
On the other hand, having a ‘free for all’, open-ended policy regarding where data, particularly of national strategic importance, is located may also be detrimental. The Kenya Data Protection Act makes provision for the Cabinet Secretary to regularly review and gazette which data sets should be stored locally.
The Kenyan Data Commissioner has been having deeper discussions on this important issue, and you are welcome to take a deep dive into the finer details on her LinkedIn page.
John Walubengo is an ICT Lecturer and Consultant. @jwalu.