On 11th August 2021, KICTANet held a virtual meeting to disseminate a report on public participation: An Assessment of Recent ICT Policy Making Processes in Kenya.
The research focus was to assess the extent to which the public participated in three recent ICT policy and law-making processes. The three processes are National Information Communications and Technology Policy, 2019, Computer Misuse & Cybercrimes Act, 2018, and Data Protection Act, 2019.
The research was conducted between September 2020 and October 2020 with purposely selected respondents from various multi-stakeholder groups who participated in the three processes.
It is worth noting that the principle of public participation is listed under Article 10 of the Constitution of Kenya, 2010, as one of the national values and principles of governance. However, the approach taken by state bodies in the ICT sector to facilitate public participation varies.
Below are the key highlights of the report.
Key Highlights of Public Participation Report of Recent ICT Policy Making Processes in Kenya
As mentioned earlier, the case study analyzed to determine whether public participation was meaningful included: The National Information Communications and Technology (ICT) Policy, 2019. The Computer Misuse and Cybercrimes Act (2018) and The Data Protection Act, 2019. Moreover, the research looked at whether the multi-stakeholder approach was considered and the extent to which the three processes adopted the approach.
Victor Kapiyo, one of the researchers, stated that they used diagnostics tools for inclusive cyber-policy making to analyze the extent of public participation in the three ICT policies. They reviewed the extent to which each process was open and accessible, diverse, collaborative and consensus-driven, evidence-based, and transparent and accountable.
Open and Accessible
Data protection scored the highest in terms of openness and accessibility. This was attributed to the fact that there were multiple opportunities for multi-stakeholders to engage. Mr. Kapiyo noted that there was also high public interest in data protection and privacy issues, sparked by ongoing national events, such as the introduction of Huduma Namba and the global trend towards the adoption of national data protection laws following the adoption of the GDPR in the European Union. Moreover, there were county meetings and political will on data protection.
Cybercrime processes on the contrary, scored the least in openness and accessibility due to limited restrictions and opportunities for the public to make contributions. At the initial stage, it was shrouded with lots of secrecy. There was poor communication, poor representation of stakeholders and short timelines and notices to make contributions.
Again, the data protection process ranked as the most diverse of the three processes because there was input, buy-in and support from diverse stakeholders, county forums, and various opportunities to contribute offline and online.
On the other hand, the ICT policy process ranked lowest in diversity. It was marked by failure to publish stakeholder input, poor documentation, poor feedback and limited participation of stakeholders.
Collaborative and Consensus Driven.
Here, the ICT Policy process scored the highest because it was multi-stakeholder driven. It was deliberate and was marked by a collaborative bottom-up approach. Ms Sigi Mwanzia, who also participated in the research, highlighted that this was driven by the pressing need and demand from ICT stakeholders to the Ministry of Information, Communications and Technology (MoICT) to update the 2006 Policy, which had not been updated for close to eight years despite global technological developments and national ICT sector changes in Kenya.
In terms of collaborative and consensus-driven, the Cybercrime process ranked the lowest. This was marked due to a disjointed approach, duplicate government agency processes, closed-door engagements between government agencies and selected agencies, and poor collaboration and power imbalances.
In regard to evidence-based processes, data protection law scored the highest while cybercrime process scored the lowest. The data protection process appeared to have a balance of expertise and research, and the use of evidence and facts. The cybercrime process had limited expertise and research, capacity gaps, special interest and neglect of stakeholder views.
Transparent & Accountable.
Again, the data protection process ranked highest in transparency and accountability, while the cybercrime process ranked the lowest. At the time of research, data protection had clear stakeholder representation, clear documentation of contributions and clear engagement procedures. â€œFor example, the Communication Authority still hosts stakeholdersâ€™ submissions on its website whereas the National Assembly ICT committee report contains copies of stakeholders submitted during this process,â€ added Sigi.
Cybercrime process ranked lowest due to opaque, closed and duplicate processes and lack of a clear road map. Also, it was marked by the secrecy of bills, reports and processes. To date, there are no publicly available reports.
The report made the following recommendations:
- The government should put in place a holistic, multi-disciplinary, multi-stakeholder mechanism for public participation.
- Update and enact the Public Participation (No. 2) Bill, 2019.
- Provide at least twenty-one (21) daysâ€™ notice for public participation.
- Proactively engage more â€˜non-traditionalâ€™ stakeholders.
- Common policy issues require collaboration, common purpose and goal with stakeholders.
- Conduct extensive, objective and evidence-based research and make it publicly available prior to developing policies and laws.
- In partnership with stakeholders, prepare and publicly avail a guiding document(s) outlining formal procedures and mechanisms prior to developing policies and laws.
Reacting to the research recommendations, participants at the dissemination session made their contributions. Mr Ephraim Percy Kenyanito highlighted the need for a clear road map in public participation, clear process and sources of funding, and improved data protection process in future similar ICT policy processes.
Ms Riva Jalipa, observed that the cybercrime act had the most pain points. The act was also problematic because the process was opaque and yet diverse expertise is necessary in contributing to the law. Riva recommended the need for the cybercrime act to be broad so that it can foresee and regulate future behaviour.
Regarding the Data Protection Act policy process or multi-stakeholder engagement, John Walubengo avered that Kenya has made a lot of strides when it comes to the National ICT Policy process. He added that the act remains one of the best guidelines we could adopt because the membership to the task force was representative of diverse industry stakeholders, and had clear timelines to deliver.
Public participation in the ICT policy process must be open, accessible, diverse, collaborative, evidence-based and transparent. Also, the government needs to have a holistic, multi-disciplinary, multi-stakeholder mechanism for public participation.
Report by Egline Jeptoo.