A Round White Cctv Camera on a white ceiling

The Private Security Regulation Act: Balancing Security and Privacy

By Cherie Oyier

The Private Security Regulation Act (PSRA) was enacted in 2016. However, its existence has been characterised by spontaneous public discourse during crises that thrust it into the limelight. 

For instance, in 2019, following the DusitD2 complex terrorist attack, the PSRA came into focus after the directive by the Director General of the Private Security Regulation Authority that the government would arm private security personnel. 

This directive was met with criticism and support in equal measure due to the sensitive nature of national security. 

Recently, following escalated cases of femicides facilitated by online platforms such as dating and accommodation sites, the Director General of the Private Security Regulation Authority issued another directive that has sparked public discourse, especially relating to the balance between security and the right to privacy. 

The directive dated 15th January 2024 gave effect to Section 48 of the PSRA, which empowers private security personnel stationed at entity points of premises or properties to require a person to identify themselves, register the time of entry and exit of the person, and temporarily retain the identification documents of such a person. 

The private security sector collects a lot of personal data. The most common way is by recording visitors’ details in books at entry and exit points of premises and properties, retention of identification documents, and taking photos, among other means. 

Lately, surveillance technologies such as CCTV cameras, fingerprints, and body and iris scans have also entered the private security sector to collect personal data through digital means.

Despite the amount of personal data collected, more must be done to ensure compliance with data protection principles such as data minimisation, storage limitation, and privacy requirements. 

Speaking during a webinar hosted by KICTANet, legal and data protection experts have called the Director General to order, citing this directive as a knee-jerk reaction to prevailing circumstances devoid of input from the legal and data protection sectors. 

The experts, Dr Mugambi Laibuta, Ms Grace Bomu, an official from the Data Privacy and Governance Society of Kenya (DPGSK), and Ms Cherie Oyier, a Programs Officer at KICTANet, discussed the implications of the said directive in light of the data protection framework in Kenya.

Dr. Mugambi Laibuta argued that the directive seeking to effect Section 48 of the PSRA was illegal because its section 48(4) stipulates that the Cabinet Secretary shall make regulations to effect Section 48. Theuing such a directive without the stipulated regulation was an illegality. 

Likewise, Ms Grace Bomu and Ms Oyier agreed that private security personnel and companies required to collect personal data from discharging their complementary role to national security were also bound by the Kenya Data Protection Act, 2019. They also noted that several concerns and loopholes in the private security sector needed to be addressed first to ensure compliance with the Data Protection Act 2019.

The experts noted that non-compliance with the Data Protection Act points to more profound challenges, such as low or non-existent budgets for data protection compliance, lack of training or uneven training of private security personnel, lack of privacy policies and the reluctance of security companies and premises to designate Data Protection Officers to advise on compliance. 

Crucially, the conversation on technology-facilitated femicides in Kenya cannot be had without looking at the role of platforms such as online dating and accommodation sites. Technology has indeed modified how crimes are committed, and gender-based violence is not an exception. 

For instance, the murder of Starlet Wahu, a socialite in Kenya, was reported to have been engaged in an Airbnb apartment by one John Matara, someone she allegedly met on an online dating site. As investigations continue on this case, it is emerging that balancing security and privacy is a tightrope.

During a KICTANet community engagement held on X spaces, recommendations such as having verification and referral systems before onboarding users onto dating sites were suggested. 

These mechanisms aim to verify identities and characters to assure users of their safety and security as they engage online and offline. Online accommodation sites such as Airbnb allow for the use of security cameras as long as they are disclosed in the listing description. This is to guarantee the privacy of users. 

As we navigate technology’s challenges and opportunities, even in the private security sector, proper procedures must be followed to establish regulatory frameworks to lend them legitimacy. Effective public participation through multi-stakeholder approaches should be employed in these endeavours. 

Cherie Oyier is KICTANet’s Programs Officer for the Women’s Digital Rights Program.


David Indeje information

Related Posts

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.