LOUNGES, BARS & RESTAURANTS-IMAGE RIGHTS IN KENYA

November 30, 2023
legal alerts
admin
Comment off

The “Mbwa Kali” Declarations by Nairobi Lounges, Bars, & Restaurants: Understanding Image Rights in Kenya

In our recent WKA Advocates newsletter, we discussed the uninformed notices issued by some entertainment venues and restaurants in Nairobi, such as #TheLoftLounge and #TheQuiverLounge. These establishments have informed their patrons about the presence of photographers, implying that customers consent to the use of their image rights by simply entering the venue. This raises a crucial question: who invited these photographers, and do patrons fully understand their privacy rights?

The increasing panic among Nairobi business owners reveals widespread ignorance about Kenya’s Data Protection Laws. Fortunately, the Office of the Data Protection Commissioner (ODPC) is taking decisive action to end this era of ignorance. With the growing collection, storage, and use of personal data by third parties, it’s critical for both businesses and individuals to familiarize themselves with the Data Protection Act, 2019 (DPA, 2019). Do data subjects in Kenya know their rights? Are data controllers aware of their legal obligations under the DPA, 2019?

Data Protection Laws in Kenya: A Growing Concern for Lounges and Restaurants

Ignorance of the law is no defense. This has been demonstrated by the recent penalties issued by the ODPC. On 26th September 2023, the ODPC imposed penalties on three Data Controllers for violating Kenya’s Data Privacy Rights and failing to comply with the Data Protection Act.

Key ODPC Penalties:

Mulla Pride Ltd, a digital credit provider running the KeCredit and Falcrash mobile lending apps, was fined Ksh. 2,975,000 for misusing complainants’ names and contacts for harassing messages.
CasaVera Lounge, a restaurant on Ngong Road, Nairobi, was fined Ksh. 1,850,000 for posting a patron’s image on social media without their consent.
Roma School in Uthiru was fined Ksh. 4,550,000 for sharing minors’ photos online without parental consent.

Nairobi Venues React with Misleading Notices

In response to these penalties, many Nairobi bars and restaurants, such as Evo Lounge, The Loft, Texas Barbeque, Platinum 7D, and Quiver Lounge Kilimani, have issued warning notices implying that entry to their premises constitutes consent to be photographed or recorded. Here’s an excerpt from Evo Lounge’s notice:

“Your entry and presence on the premises constitute your consent to be photographed, filmed, and/or recorded… By entering, you waive and release any claims related to the use of recorded media of you… including invasion of privacy.”

These notices are what we call Mbwa Kali Declarations. Unfortunately, many business establishments have misunderstood the penalties issued by the ODPC. Rather than respecting Kenya’s Data Privacy Laws, they resort to invalid and aggressive warnings of “implied consent.” This is not how the law works.

Data Protection Obligations for Nairobi Businesses Under the DPA, 2019

Bars, restaurants, and other establishments in Kenya must comply with the Data Protection Act, 2019, especially if they hire photographers to capture images (which constitute personal data) of their patrons for marketing purposes.

Obligations Include:

Registration: All Data Controllers and Data Processors must register with the ODPC before collecting any personal data. The ODPC maintains a register of certified entities.
Consent: Businesses must obtain free, informed, and express consent from patrons before collecting and using their personal data. Consent cannot be implied.
Compliance: All personal data must be processed lawfully and fairly, respecting the rights of the data subjects.

The 8 Key Data Protection Principles in Kenya

Kenya’s Data Protection Act emphasizes the following principles:

Right to Privacy: Data must be processed with respect for privacy.
Lawfulness, Fairness, and Transparency: Processing must be lawful and transparent, with clear communication to data subjects.
Purpose Limitation: Data collection must be for specific, legitimate purposes.
Data Minimization: Only relevant data should be collected.
Accuracy: Data must be accurate and regularly updated.
Storage Limitation: Personal data should be stored only for as

long as necessary for its intended purpose.

Integrity and Confidentiality: Data must be processed securely and confidentially.
Accountability: Data Controllers must demonstrate compliance with the Data Protection Act, 2019.

Commercial Use of Personal Data in Nairobi

Section 37(1) of the DPA, 2019, strictly prohibits the commercial use of personal data without explicit consent or legal authorization. Any personal data collected must be anonymized to prevent identification of the individual.

Data Subject Rights in Kenya

Under Section 26 of the DPA, 2019, data subjects in Kenya have the right to:

Be informed about the usage of their data.
Access their personal data.
Object to the processing of their data.
Correct inaccurate or misleading data.
Have their data deleted if it’s inaccurate or unlawfully processed.

Data subjects can file complaints with the ODPC for any violations of their data rights. The ODPC has the authority to investigate and impose penalties or enforcement notices.

Nairobi Businesses Must Take These Obligations Seriously

Restaurants, bars, hair salons, gyms, and other establishments in Kenya cannot:

Collect personal data without registration.
Assume consent through “implied” warnings.
Use personal data indefinitely for any purpose.
Deny data subjects access to inspect their personal data.

Conclusion: The Misuse of “Implied Consent” by Nairobi Bars and Restaurants

Warning notices of “implied consent” issued by businesses such as #EvoLounge, #QuiverLounge, and #Platinum7D are illegal and invalid. Business owners must understand that Data Protection Officers (DPOs) are essential in ensuring compliance with data privacy laws in Kenya to avoid hefty penalties.

At WKA Advocates, we offer specialized Data Protection Officer (DPO) services to ensure businesses comply with Kenya’s Data Protection Laws.

We hope this article helps clarify the key provisions of the Data Protection Act, 2019. For further legal assistance or compliance advice, contact us at:

Email: info@wka.co.ke
Website: www.wka.co.ke
Phone: +254 798 03 580
Location: Nairobi Hub, Parklands, Valley View Business Park, 6th Floor, City Park Drive, Off Limuru Road.

HOW TO AVOID PROBATE-WKA ADVOCATES WHAT IS THE LAWFUL PROCEDURE FOR A LENDER TO SELL YOUR PROPERTY IN CASE YOU DEFAULT IN LOAN PAYMENTS?

THE MBWA KALI (FEROCIOUS DOGS) DECLARATIONS BY LOUNGES, BARS & RESTAURANTS-IMAGE RIGHTS IN KENYA

Affordable Housing Program Updates

THE KENYA CITIZENSHIP AND IMMIGRATION (AMENDMENT) REGULATIONS, 2024

Why You Need a Lawyer When Buying Property in Kenya

Links

Contact

Newsletter