MULTICHOICE EXPANDS SERVICE OUTLETS TO ONGATA RONGAI

Multichoice Kenya has today officially opened its doors to a new branch located in Ongata Rongai. The Rongai branch will serve both DStv and GOtv customers and is located on the First Floor of Rongai Business Centre along Magadi road. The opening of the branch is a strategic move to ensure customers can easily access service points across the county.

Alvin Kimani, CEC Trade, Investments and Cooperatives Kajiado County while officially launching the new branch on behalf of H.E Joseph Ole Lenku, Governor of Kajiado County said, “The opening of this Rongai branch will greatly the residents of Rongai and adjacent areas of Nkoroi, Matasia, Kware and Kandisi as the residents will no longer need to travel long distances to access after-sale support. This branch will also make a significant contribution by increasing the number of businesses in this area through offering opportunities to direct sales agents, installers and electronic service partners who will indirectly support the operations of this branch. We are grateful to MultiChoice Kenya for bringing services closer to the people of Rongai and we look forward to enjoying the programming on your platforms.”

Nancy Matimu, MultiChoice Kenya Managing Director said, “The launch of the Rongai branch is in line with our mission of enriching lives by making entertainment more accessible. Nairobi is rapidly expanding, and we want to grow with our customers. This branch is therefore a strategic move to ensure that our customers can enjoy hustle free viewing and easily access after-sale services conveniently and with the least hustle.”

Little Cab launches Doctor's Booking Services

Little, the cab hailing service, has said it has partnered with over 200 medical specialists to offer patient booking services on Little App. This new feature seeks to ease the queues experienced at doctor’s clinics when patients go for their appointments.

The Little “Book-A-Doctor” feature not only offers customers an array of specialists to choose from, but also an option of pre-booking their rides to their appointments. 

The feature, which is currently in the pilot phase, hopes to see 500 more specialists on boarded by end of 2021. 

Plans are already underway to include home-based COVID-19 care services and at- home lab tests. 

While sharing details on how the new appointment booking service will work, Little CEO Kamal Budhabhatti, underscored the importance of the product during this COVID-19 period. 

"Based on our consumer research, average waiting time at a doctor’s clinic can be up to 40 minutes. We intend to reduce this waiting time through the streamlined booking system we have developed."

DStv customers to add movie channels to their packages

MultiChoice has announced that from June 2021, DStv customers will be able to amp up their entertainment by adding movie channels onto their current packages at a fraction of the cost.

During the 2021 MultiChoice Kenya Content Showcase Managing Director Nancy Matimu said, “We continue to look for ways to create more choice and value for our customers and improve the viewing experience

DStv customers on Compact Plus, Compact, Family and Access will be able to add M-Net Movies 1, Movies 2 or Movies 3 to access premium movies for a fraction of the cost of the package. The movies add-on service will give customers access to the latest international feel-good Animania festival movies for the entire family on M-Net Movies 1 (DStv 104).

DStv to Showcase 51 matches en route to EURO 2021 Final in Wembley

The road to Wembley stadium for the Euro 2021 soccer tournament will involve 51 matches across 12 European cities, sports broadcaster, Supersport has said, as it announced it will air all 51 to subscribers.

This will be in addition to the yet to be confirmed Olympics 2021 which are to be hosted in Tokyo, Japan.

Euro 2021 action kicks off in Rome on 11th June with Turkey taking on the Azzuri (Italy).

The following evening, Supersport will air three matches where Switzerland will host Wales, Denmark will visit Finland, and Belgium will visit Russia in the late game.

The rest of the fixtures will be:

Sunday June 13

Group D: England vs Croatia; Kick-off 2pm (London)

Group C: Austria vs North Macedonia; Kick-off 5pm (Bucharest)

Group C: Netherlands vs Ukraine; Kick-off 8pm (Amsterdam)

Monday June 14

Group D: Scotland vs Czech Republic; Kick-off 2pm (Glasgow)

Group E: Poland vs Slovakia; Kick-off 5pm (Dublin)

Group E: Spain vs Sweden; Kick-off 8pm (Bilbao)

Tuesday June 15

Group F: Hungary vs Portugal; Kick-off 5pm (Budapest)

Group F: France vs Germany; Kick-off 8pm (Munich)

Wednesday June 16

Group B: Finland vs Russia: Kick-off 2pm (St Petersburg)

Group A: Turkey vs Wales: Kick-off 5pm (Baku)

Group A: Italy vs Switzerland; Kick-off 8pm (Rome)

Thursday June 17

Group C: Ukraine vs North Macedonia; Kick-off 2pm (Bucharest)

Group B: Denmark vs Belgium; Kick-off 5pm (Copenhagen)

Group C: Netherlands vs Austria; Kick-off 8pm (Amsterdam)

Friday June 18

Group E: Sweden vs Slovakia; Kick-off 2pm (Dublin)

Group D: Croatia vs Czech Republic; Kick-off 5pm (Glasgow)

Group D: England vs Scotland; Kick-off 8pm (London)

Saturday June 19

Group F: Hungary vs France; Kick-off 2pm (Budapest)

Group F: Portugal vs Germany; Kick-off 5pm (Munich)

Group E: Spain vs Poland; Kick-off 8pm (Bilbao)

Sunday June 20

Group A: Italy vs Wales; Kick-off 5pm (Rome)

Group A: Switzerland vs Turkey; Kick-off 5pm (Baku)

Monday June 21

Group C: North Macedonia vs Netherlands; Kick-off 5pm (Amsterdam)

Group C: Ukraine vs Austria; Kick-off 5pm (Bucharest)

Group B: Russia vs Denmark; Kick-off 8pm (Copenhagen)

Group B: Finland vs Belgium; Kick-off 8pm (St Petersburg)

Tuesday June 22

Group D: Czech Republic vs England; Kick-off 8pm (London)

Group D: Croatia vs Scotland; Kick-off 8pm (Glasgow)

Wednesday June 23

Group E: Slovakia vs Spain; Kick-off 5pm (Bilbao)

Group E: Sweden vs Poland; Kick-off 5pm (Dublin)

Group F: Germany vs Hungary; Kick-off 8pm (Munich)

Group F: Portugal vs France; Kick-off 8pm (Budapest)

Top two in each group plus four best third-placed teams go through

Multichoice to Debut 3 Documentaries on Kenyan Athletic Champiions

 

Multichoice has announced the release a three-part documentary series featuring world-famous Kenyan athletes as part of its content showcase for the coming season.

According to the company's announcement during its ongoing Content Showcase, "The documentary dubbed ‘Rising Champions’ is a 3-part series gripping feature focusing on the success, the secret and the science behind a long line of strong athletes from the region"

First will be, "Rising Champions:  The Success of East African Athletes" which will be about the rise of East African Athletes and their dominance in long distance running over the last 60 years.

Next will be Rising Champions:  The Secret Behind East African Athletes which looks at the cultural, geographical influences and training methods that have made East African Athletes conquer the world of long-distance running and finally,  Rising Champions:  The Science Behind East Africa Athletes explores the genetics, diet and environmental factors that have contributed to the global success of East African Athletes in long distance running.

Among the greats who will be featured include world 800-metre record holder, David Rudisha, champions Paul Tergat, Catherine Ndereba, Julius Yego, Hellen Obiri amongst others.

The documentaries are available to watch on DStv Catch up on the DStv Explora and DStvApp. 

DRAFT DATA PROTECTION REGULATIONS WAY FORWARD

 

The Office of the Data Protection Commissioner has issued the Draft Data Protection Regulations, 2021. These are meant to give clarity and guidance on compliance with the Data Protection Act, 2019.

The DPA was enacted in November, 2019 in main, give effect to Article 31 of the Kenyan Constitution on the “Right to Privacy.” Its subjects for the most part are Data Controllers and Data Processors.

However, it has been found to be ambiguous and has invited differing interpretations.

Subsequently, there was need to issue regulations to give clarity.

In November, 2020, the Data Commissioner was appointed and immediately embarked on developing Regulations.

In April 2021, the Commissioner issued the Draft Data Protection Regulations, 2021 consisting of:

i.                    The Data Protection (General) Regulations, 2021

ii.                  The Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021

iii.                The Data Protection (Compliance and Enforcement) Regulations, 2021

The Regulations are currently undergoing public hearings for input and finalization. On 27^th April, 2021, the Office of the Data Protection organized a virtual public hearing to discuss the General Regulations.

The General Regulations

These are meant to guide subjects on how to comply with the Act.

i.                    Part I deals with preliminaries like interpretations and exemptions

ii.                  Part II -Enabling the Rights of a Data Subject

 

Part II deals with how entities enable the rights of persons whose data they collect or process.

The DPA grants individual persons with several data subject rights regarding the collection and processing of their personal data which the Regulations spell out: 

The Rights of a Data Subject

Organizations will be required to adhere to the rights of the subject whose data they collect or process. These are covered under Regulations 4-12.

Consent – Regulation no 4 provides that for compliance, a data controller or processor must clearly inform what personal data they are collecting from an individual and for what purposes including whether it shall be handled by third parties. While consent may be oral or written, an entity cannot presume consent because the data subject has not objected or their response is ambiguous.

Obligations:

Entities should ensure they seek consent of the data subject clearly indicating what the data is to be used for and by whom.

 Collection of Data:

Regulation 5 expands the meaning of collection to include availing oneself of the personal data of another person by any means including:

-          From another person

-          From publications and databases

-          Surveillance cameras where one’s features are identifiable

-          Internet cookies from websites

-          Biometrics such as finger, face or voice recognition

Implications:

Organizations or entities will have to formalize any personal data collection activity. This means that even where a subject has willingly brought themselves to a place of business or interaction where any of their personal data may be collected, entities will need to come up with consent documents such as forms clearly indicating that personal data will be collected.

Entities should also beware that subject data that they come across that is not directly submitted by the owner can nonetheless qualify as data collection and is subject to restrictions. Regulation 5b requires that sensitive personal information can only be collected directly from the data subject.

This effectively also prohibits anonymous data collection or tracking of users such as mobile handset users, mobile subscribers, social media platforms such as Google, Facebook etc, websites and so on.

Also, data collected should be used for the purpose stated only. For new uses, fresh consent has to be sought from the subject.

The guidance principles therefore here are:

Data minimization – Entities should only collect necessary data for the purposes stated to the subject.

Data quality – Personal data collected must be accurate.

Data Security – Entities must ensure they secure the data they collect. This applies from collection, storage, and event transfer of data.

 Subjects’ Access to Data – A person should be able to access their personal data held by an entity for free.

The Office of the Data Commissioner provides a form which the subject can fill to request for this information. However, a subject can also make request for access in any other method and the entity should comply with that request.

Right to Restrict Processing – Contained under Regulation 6, a data subject who feels they did not willingly give their personal information, or that their data held by an entity might have errors, or that the time which the entity is allowed to hold the information has expired, can restrict that data from being processed and the entity holding that data must comply.

Right to object to processing – Related to the right to restrict processing, a person can request an entity to stop doing anything with their data. This can be if they believe they never gave consent for the same, or that they feel the entity obtained it illegally, or that the entity has no basis for holding it. This request should be complied with immediately and at no cost.

The same form is used for restriction or objection to processing and is found annexed to the General Regulations.

Rectification – A subject has a right to have their data rectified by the entity that holds it. This could be if they believe the data is misleading or outdated.

The subject will have to show proof that the data is outdated for example by producing an up-to-date Identification Card or Huduma Card.

Data Portability - A subject has a right to have their data ported from one data controller to another such as a mobile operator at minimal cost.

Erasure – Also known as the right to be forgotten, a subject can request a data controller to erase their personal data and upon request the entity shall respond within 14 days.

The ODPC provides Form 5 for this purpose and compliance with the request shall be free of charge.

Right to opt out

A data processor or controller must comply with a request by a subject to opt out of a data collecting process. The option to opt out must be simple, clear, visible e.g. in one word such as UNSUBSCRIBE

Restrictions on Commercial Use of Personal Data

Part III is likely to draw intense interest especially when it comes to compliance with consent or restrictions.

Sending a catalogue addressed to a subject through any medium, advertising on an online platform a subject is logged into using their personal data or data collected via cookies and used to target a subject is deemed cosmmercial use of personal data. So is sending a message about a sale or advertising material using personal data given by the subject.

Direct marketing may be permitted where no sensitive personal data is used but the marketer has collected the personal data from the subject, and the subject has been notified that direct marketing is one of the purposes of the data collection.

In the Covid era, with in-house restaurant dining prohibited and many other retail outlets operating at slowed down pace, online marketing especially through offers sent via SMS to users has been on the rise.

Compliance with this provision then, will require such eateries, online retailers, supermarkets, taxi companies to cease sending unsolicited direct marketing messages to users whose data or contacts they have gathered in the course of doing business.

The Regulations will allow direct marketing only where the recipient has been informed, and has consented to the use of their information for the same.

Obligations of Data controller and Data processor

Concomitant with the rights of a data subject are further obligations to entities that control or process personal data. Contained in Part IV of the General Regulations, these include:

Limitation on retention – Entities should say how long they will hold a subject’s personal data beyond which time they should erase the same.

Requests to anonymize or pseudo-anonymize – Entities should accede to requests to anonymize personal data by a subject.

Sharing of personal data – Entities can share personal data with other entities or third parties provided such request shall be in writing clearly stating the reasons for the data to be shared. A data sharing agreement between the two entities shall be made.

Sharing of such data within an organizational structure of a data controller or data processor shall not be taken data sharing.

Automated individual decision making – Where a data controller or processor uses non-human automated processing of subject data, they should inform the subject of the same, provide the logic or algorithmic process used, explain the significance of doing the same and where large amounts of data are involved, carry out a data impact assessment. They should also ensure the automated process is without errors.

At any point, a subject can seek intervention of a human being.

Data Protection Policy – Data controllers and processors will be required to have in place a Data Protection Policy which must be publicly available. Among other things, the Policy must tell subjects which data they are collecting, how subjects can access their data, the process for handling complaints, how long they intend to hold that data, and whether they collect data on vulnerable people such as children and the criteria used.

Agreements between Data Controllers and Data Processors – Subject to Section 42(2) of the DPA, a data controller can engage a data processor via a written agreement containing theinstructions from the controller to the processor. This could be for example a Mobile Network Operator or a Bank, and an Agent.

Such a processor, should they further wish to engage a third party in the processing activities must obtain the consent of the Data Controller.

Data Localization

Regulation 25 provides that data that is collected and processed for a public good as defined in paragraph (2) of the same, shall be processed through a server and data center located in Kenya. This includes civil registration, revenue administration, schools, national payments systems and so on.

Private data processing therefore is not subject to this requirement. However, the Cabinet Secretary can require such data be processed in Kenya if in the processing, the data is breached or violates the DPA and no rectification measures have been taken by the entity.

Data Protection by Design and by Default

Regulation 26 provides for data protection by design and by default which essentially means that data protection concerns must be integrated into every step of the data processing.

To demonstrate compliance to the Data Commissioner, an entity will need to demonstrate the technical and organizational measures it has taken to ensure for example, data minimization – only the necessary data is collected and processed, pseudo-anonymization, the retention period, accessibility to the data and data sharing restrictions.

Notification of Personal Data Breach

Where sensitive and identifying data held by an entity is breached or unintentionally becomes publicly available or available to unauthorized persons, then a notifiable data breach is deemed to have occurred as per Section 43 of the Data Protection Act.

Such data includes:

-           the subject’s full name or ID number,

-          Bank information

-          Health information

-          Electronic passwords

The entity must notify the Data Commissioner of the data breach within 72 hours of becoming aware of it describing:

-          The date, nature and circumstances of occurrence of the breach

-          Chronology of the entity’s response after they became aware of the breach

-          Number of persons affected and likely harm to them

-          Any action taken to eliminate or mitigate such harm and rectify the cause of the said breach

Transfer of Data outside Kenya

Transferring data to entities outside Kenya is not allowed without the subject’s consent. Further, the destination country must either have reciprocal agreement with Kenya, or has comparable data protection rules as determined by the Data Commissioner, or is signatory to the Malabo Protocol.

The transferring entity must also ensure that the recipient of the data accords it the required protection.

This particular provision may prove tenuous for entities to comply with especially the consent part. It has been suggested that entities who already have data processing consent from subjects such as customers, should only be required to ensure the data is transferred to a country with adequate data protection laws.

Data Protection Impact Assessment

Prior to high-risk data processing of data, entities will be required to carry out a data protection impact assessment.

This is for example processing of biometric or genetic data, large-scale use of data for a purpose other than that for which it was initially collected, a change in the way the entity processes data and so on as provided for under Regulation 42.

DPIA may be necessary for all data controllers and processors to perform prior to seeking compliance with Data Protection by Design and by Default requirements.

The Data Commissioner may also, subject to Section 23 of the Data Protection Act carry out periodic audits to assess compliance.

Provision of Exemptions

The regulations in Part VIII provide for when exemptions can occur:

-          For National Security purposes, there is a very high threshold which is for public entities covered under Article 239 (1) of the Constitution. These are the Kenya Defense Forces, the National Police Service, and the National Intelligence Service.

Anyone else will seeking exemption for reason of National Security will need to apply to the Cabinet Secretary for Information for exemption.

-          Public Interest purposes such as to report missing persons, preventing unlawful activity, asserting a legal or equitable claim and son on,

-          Permitted health reasons such as collecting and processing data for purposes of providing a health service or to carry out a health study or research.

General Provisions

Compounding of offences - the Data Commissioner with the concurrence of the Director of Public Prosecutions can compound a sentence with the written consent of the offender.

This avoids court procedure and the offender can be ordered to pay up to two-thirds of the maximum fine that would have been imposed upon conviction. The fine shall be payable within 14 days failure to which the Data Commissioner shall institute proceedings against the offender.

SAFARICOM TO DATA MINE CUSTOMER COMPLAINTS FOR PRODUCT DEVELOPMENT

Giant telco, Safaricom Limited has announced the hiring of a Director of Consumer Obsession to take on the challenging role of processing customer feedback and incorporating the insights gained into improving the companies products and services.

Lucille Aveva will handle the role which reports to the CEO Peter Ndegwa as well as sitting in the Executive Committee.

In the role, Lucille will mainly focus on retaining existing customers and developing product "stickiness" by applying Safaricom's vast data analytics power to filter from customer feedback insights about the company's products that can be used to improving the next version of these products and services.

That way, Customer Care instead of being seen as a one-off contact point with a customer whose issue the team solves at that time, the information so gathered from the customer will go into a feedback loop to business intelligence teams for processing and incorporation into subsequent product iterations.

From his communication about the hire, CEO Ndegwa indicated that this customer obsession project was already underway and Lucille will join to steer it forward.