policy (n.) a course or principle of action adopted or proposed by a government, party, business, or individual.
What is the Government's policy towards, say, information? In Kenya, it almost unlikely that you will find a document that sets out the Government's policy in full, that has been adopted or approved by the Cabinet, or that has been reviewed and approved by Parliament. You're more likely to find, online and off, a "draft" policy used as the basis for "further consultation among stakeholders". Since 2010 policy has been made and implemented in opaque ways, often with little accountability or transparency, and with the end-game being the enactment of legislation.
Taking legislation as one outcome of public policy, information policy is reflected in the Access to Information Act (No. 31 of 2016), the Kenya Information and Communications Act (No. 2 of 1998), the Official Secrets Act (cap. 187), the Statistics Act (cap. 19), the Defamation Act (cap. 36) and the Penal Code (cap. 63), though many Kenyans will identify the Access to Information Act and the Kenya Information and Communications Act as the only ones meriting their attention as part of the information policy landscape.
What these laws demonstrate regarding the information policy of the Government is that information is principally to be regulated and, in specific instances, mediated by Government agencies including the Communications Authority and the Kenya Broadcasting Corporation (established under the Kenya Broadcasting Corporation Act, cap. 221). It is in the regulatory landscape that the Government's policy is most plain to see; the Communications Authority has little to do with the generation of information but everything to do with how that information is communicated and broadcast, it being the agency tasked with licensing communications (including telecommunications) and broadcasting companies.
In the evolving area of electronic communications, the policy relies on the same policy tools that underpin traditional media, including all the aforementioned statutes. However, new policy tools are needed in an increasingly electronic information landscape especially now that the individual's right to privacy forms a core part of the Bill of Rights. How personal information is collected, stored, accessed and used are becoming important policy areas that must be addressed and the existing statutory infrastructure is increasingly inadequate.
Take, for example, those annoying marketing text messages one receives from, say, betting companies. It is unlikely that the betting company simply programmed its communications system to send out a blanket ad to a preprogrammed mobile phone numbers; it had to have accessed a database that contained those numbers and other personal information that indicated that one would be a ripe target for marketing information related to gaming or gambling. We need new rules for how that information can be protected for the benefit of the individual.
More and more personal information is now being collected and stored in electronic form and is accessible by both public and private entities. Some, like medical information, is so deeply personal that controlled access is the only way that this information can be protected. Yet, we don't know how many private entities have access to our medical information, how much of that information is being used for medical research or even what the outcomes of that research are. An attempt has been made to address these lacunae. For example, the Data Protection Bill seeks, among other things, to give individual's greater control over their personal information, indicating that the Government (or some parts of the Government, anyway) are aware of the increasing need to give individuals better tools for managing and protecting their personal information. But until it is enacted into law, the policy tools available to the Government and the protections afforded individuals will be limited only to the Bill of Rights' protection of an individual's right to privacy.