Wednesday, December 6, 2023

UDC court case against IEC raises interesting questions on the  basic tenets of Data Protection Act

Is Botswana fully compliant on the provisions and principles of Data Protection Laws?

Is voter registration by the Independent electoral commission compliant with the with the requirements of Data Protection Law?

These are not theoretical questions.

Rather they are fundamental questions that going forward will need to be addressed by various institutions in Botswana that deal with handling personal data.

The courts of law will also play a big role in interpretation and also aligning the various institutions as they try to navigate the Data Protection Act.

Depending on how we address these questions, there is a real possibility that Botswana could get blacklisted, especially by the European Union.

The European Union has a robust set of principles when it comes to data protection.

For example, under the EU law, exporting data and storing it abroad is by itself a serious offence that is ruthlessly punished.

If there is anything that we will need to thank Duma Boko and his party, the UDC it has to be taking the Independent Electoral Commission to court.

The court case should go a long way in settling some of the key issues surrounding Data Protection Act.

There is no doubt that the IEC receives a lot of personal data in the course of voter registration.

Before 2018, that was not a big issue.

That was because there was nothing like Data Protection Act.

But in 2018, Botswana parliament passed the Data Protection Act.

This is now a big deal in the world we live in.

The European Union for example is very solid when it comes to Data Protection.

Its Data Protection law is considered the most comprehensive in the world.

And not without a reason, that law is also considered the toughest security law in the whole world.

It takes no prisoners and makes no bone about it.

That piece of legislation places tough obligations on any organization that collects data on European Union citizens

Violations are harshly punished. And compliance is not an easy task.

That is what is to be expected in our instance.

The Data Protection Act renders illegal some of the things that we had come to treat as elementary.

A Security Guard taking personal details of guests entering a complex on a note book at a gate fundamentally offends the Data Protection act.

What that officer does with the personal data they have collected has serious implications.

What do they do with that data?

Who do they share it with?

How do they destroy or dispose of that data when they no longer need it?

All these are now serious legal questions that many of our people are still to come to terms with.

As a result of the Data Protection Act, several procedures inherent in the electoral process like voter registration and inspection of the voters roll have now become very problematic and potentially illegal.

The Data Protection Act establishes the Data Commissioner.

This is an office that has both responsibilities and the obligations under the Act.

There is no doubt that voter registration as a legal and proper process for the basis of democratic undertaking, like election is now under jeopardy.

This is because under the Data Protection Act is wholly conceivable that a person might approach the courts seeking to get clarity on what the IEC has done with the personal data provided during registration.

Passing data without due authorization is a serious offence.

Exporting and storing data on individuals across borders is illegal.

Back to Boko, the UDC and the IEC.

Boko had gone to court because he wants UDC representatives given access to the voter data.

The High Court has ruled that IEC should show course why that should not happen.

Again the IEC gets a lot of data and information.

Sharing that information with third parties is legally problematic.

The UDC case is thus a major legal matter. If not handled properly it could put the country in direct collision course with international partners.


Read this week's paper