2025-01-31
A COSTLY REPOST
A Costly Repost: Key Data Protection Lessons from Social Media Use
‘Like, comment, and share’—a mantra familiar to all social media users. But when it comes to personal data, sharing isn’t always caring. Before reposting someone’s image on social media, it is crucial to consider whether doing so aligns with Kenya’s data protection laws. Court decisions have emphasized that personal data, including images shared on social media, remain protected under the Data Protection Act (the “Act”). Reposting another person’s image for commercial gain without consent can violate their constitutional right to privacy and constitute an offense under the Act.
Legal Framework and Key Considerations
Under the Act, data controllers and processors must adhere to specific responsibilities when collecting, storing, and using personal data. The law defines a data controller as an entity that determines the purpose and means of processing personal data, while a data processor processes data on behalf of the controller.
Even when personal data is accessible in the public domain, its use is not unrestricted. Section 29 of the Act requires data controllers and processors to inform data subjects about essential details, including:
- The purpose of data collection,
- Who the data may be shared with,
- Contact details of the entity collecting the data, and
- Security measures in place to protect the data.
Additionally, Section 30 of the Act prohibits processing personal data without the data subject’s consent, which can be withdrawn at any time. Violating this provision constitutes an offense under the Act.
Thin Line Between Social Media Engagement and Data Violations
While social media platforms encourage engagement through likes, comments, and reposts, not all interactions are legally permissible. Court decisions have emphasized that using someone’s image in a manner that suggests endorsement or serves a commercial purpose, without their explicit consent, crosses the line into unlawful data processing.
For example, a business that republishes an individual’s image to promote its products or services, especially when accompanied by captions that link the individual to the brand, may be deemed to have illegally processed the personal data for commercial gain.
When reposting an image on social media, the presence of user inquiries on the post regarding the entity’s products, coupled with the entity’s responses promoting its offerings, may further demonstrate an intention to use personal data for marketing purposes. This could constitute a violation of data protection laws.
Responsibilities of Data Controllers and Processors
Data controllers are defined under the Act as persons or entities that determine the purpose and means of processing of personal data. Data processors are persons or entities that process data on behalf of a controller.
The following are key duties outlined in the Act for entities when handling personal data:
- Consent: Obtain explicit consent from data subjects before collecting or using their personal data.
- Right to Privacy: Ensure that data is processed in accordance with the right to privacy of the data subject
- Lawful Processing: Ensure that personal data is processed lawfully, fairly, and transparently.
- Purpose Limitation: Collect data for specified, explicit, and legitimate purposes and not process it in a manner incompatible with those purposes.
- Data Minimization: Ensure that data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: Take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
- Storage Limitation: Keep personal data in a form that permits identification of data subjects for no longer than is necessary.
- Integrity and Confidentiality: Implement appropriate technical and organizational measures to ensure the security of personal data.
Conclusion
Entities and individuals handling personal data must adhere to the principles of lawfulness, fairness, transparency, and accountability outlined in the Act. Compliance is not only essential to avoid legal and regulatory consequences but also to safeguard individuals’ fundamental right to privacy.
As social media continues to evolve, businesses and individuals alike must remain vigilant in ensuring that their online interactions do not inadvertently breach data protection laws. Each interaction, whether a simple post, comment, or response to a customer inquiry, has the potential to engage data protection laws. Therefore, before sharing, reposting, or using personal data in any manner, it is crucial to ask: Have I obtained the necessary consent? Does this align with data protection requirements?
ESTHER OMULELE , BILLY OTIENO
Related News & Articles
2025-03-03
Jessica Mwenje , Winnie Odhiambo
A LOOK INTO THE NATIONAL RATING ACT IN KENYA
A NEW DAWN FOR RATING IN KENYA Introduction Land rates are levies paid to the county governments by landowners. On
2025-02-25
Esther Omulele & Billy Otieno
Insider Trading and the Legal Framework in Kenya: Reflections on the Capital Markets Tribunal’s Recent Decision
Did you know that insider trading can land you in prison and cost you millions of shillings? Consider the Martha
2025-02-17
Daniel Musyoka , Karen Muthee
Property Valuers’ Duty of Care: Avoiding negligence claims
A. Introduction There are several reasons why property valuation is crucial to securing credit facilities These include, first, the need
2025-02-03
JESSICA MWENJE, CYPRIAN MASIKA
LET GO AND SUE FOR DAMAGES: KENYA’S SUPREME COURT ADVISES LANDLORDS
KENYA’S SUPREME COURT ADVISES LANDLORDS WHERE A TENANT TERMINATES A COMMERCIAL LEASE BEFORE THE LAPSE OF THE LEASE PERIOD EXECUTIVE
2025-01-31
ESTHER OMULELE , BILLY OTIENO
A COSTLY REPOST
A Costly Repost: Key Data Protection Lessons from Social Media Use ‘Like, comment, and share’—a mantra familiar to all social
2025-01-29
The Greenwashing Trap in Finance –Are We Truly Going Green?
GREENWASHING AND THE FINANCIAL SECTOR As we move further into the 21st century, discussions about sustainability and environmental responsibility have
2025-01-15
YOU WILL, YOUR WAY:EXPLORING THE POWER TESTAMENTARY FREEDOM.
Introduction Arguably, the principle of testamentary freedom is rooted in John Locke's[1] "Two Treatises of Government," in which he asserts
2025-01-10
Esther Omulele , Margret Muiruri
The Legality of eSignatures in Kenya
Introduction In an increasingly digital world, Kenya has embraced electronic signatures (eSignatures) as a legitimate means of executing documents and
2024-12-11
Esther Omulele , Sheila Kamau
DREAMS AND DILEMMAS: WALKING THE TIGHTROPE OF SURROGACY IN KENYA’S LEGAL SHADOWS
Introduction Surrogacy, much like a revolving number of nuanced concepts like Artificial Intelligence, cryptocurrency, social justice, and cybercrime, is slowly