We refer to EU and Kenya. In Kenya the Data Protection Act, 2019 defines who a “data controller” is; a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of processing of personal data;
Then there is the commercialization of the consent. A good example, an individual could be presumed to have given consent in return for a presumption of privilege.Social media is a good point to see where individuals share the personal information seemingly ever voluntarily. Of course then, issues of the rights and access to such privileges arise. Trademarks and Copyrights! Those of first come first to mind. Coca cola is a good example of Trademarks while Music Labels are for Copyright.
Material disclosures are required. It is a convenient way to establish that once personal Data is collected, that personal data must not be used for any other purpose other than that which it was t be presumed to have been consented to by the disclosing party. Furthermore, where such information is obtained for illegal purposes it cannot be used. The controller is therefore on the one hand automatically subject to statutory erasure obligations (seek legal advise on who is a data controller, and the duties of a data controller). Note that there is no express provision on this by law. However in Kenya and Africa the online regulatory systems are weak and at times ineffective if at all. In East African, Kenya remains consistent with progressive Laws. As for its implementation, its culture is tells.
Scholarly background Such remarks were first codified[1] in the General Data Protection Regulation (GDPR).
Note that an erasure request is not subject to any particular form, and the controller[2] may not require any specific form. But, the identity of the data subject must first be proven in a reasonable and identifiable way. If the identity is not proven, the controller should request additional information or reject the request to erase of the data. If there is a request or a Statutory oligation to erase, it must be executed quickly.
This means that the controller has to check the conditions for erasure without undue delay. In such a request for an erasure, the data subject must be informed within one month (30 days) about the measures taken or the reasons for omission. The right to be forgotten is reflected a second time in the notification obligation. According to Article 19 of the GDPR the controller must inform all recipients of the data about any rectification or erasure and thereby must use all means available and exhaust all appropriate measures.
The right to be forgotten is not unreservedly guaranteed.[3] It is limited especially when contrasted with the right of freedom of expression and information. Other exceptions are if the processing of data which is subject to an erasure request is necessary to comply with legal obligations, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or for the defense of legal claims.[4]
[1] Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (2014).
[2] a person, company, or other body that determines the purpose and means of personal data processing (this can be determined alone, or jointly with another person/company/body)
[3]< https://gdpr-info.eu/issues/right-to-be-forgotten/> accessed 24th October 2019
[4] ibid
