The issue of privacy regarding the EC sharing of personal information with political parties by way of an electoral roll had come up in an IT Law class for discussion.
This was supposed to be discussed/debated within the precincts of the Data Protection Act, 2012 (ACT 843) and any other relevant legal authorities.
We arrived at that discussion because a colleague of ours who belongs to a political party had shown the class what he said was a voters register. According to him, the register was shared with his party in accordance with the law and the party, in turn, shared same with some of its members – for whatever purpose it was unclear.
So then, the question was – has the privacy of voters been breached by that singular act of the EC under the circumstances? The class was divided – some for; others against.
My view was that there was nothing wrong with the EC sharing the register (which contains personal information) with the parties, as such an act was an exercise of a statutory duty imposed on the EC by law – Public Elections (Registration of Voters) Regulation, 2016 27 (3) and 27 (4) of C.I 91 as amended by C.I 127.
I acknowledged in my submission that even though Section 17 of Act 843 insists that data protection principles- accountability, lawfulness, security safeguards, openness, etc – be applied in the collection and processing of personal data, it creates an exception for the principles can be bent where necessary.
My position on the matter has still not changed. In the face of a real issue on our hands, occasioned by the EC’s publication of the 2020 voters register on a Google Drive and shared on its website, there is the need for that position to be restated and elaborated.
Privacy rights of data subjects
A specific insistence on the privacy rights of a data subject is created in Section 18 (1) where it provides as follow;
(1) A person who processes personal data shall ensure that the personal data is processed
(a) without infringing the privacy rights of the data subject;
(b) in a lawful manner; and
(c) in a reasonable manner.
However, in the matter of non-disclosure, Section 66 of the Act expressly makes exceptions by stating “personal data is exempt from the provisions of non-disclosure where the disclosure is required by or under an enactment, any rule of law or by the order of a court.”
This, together with the EC’s Regulations C.I cited above, in my view pass as enough grounds for the disclosure of the personal data contained in the voters’ register.
What’s personal data?
The interpretation Section of ACT 843 defines “personal data” as, “data about an individual who can be identified,
(a) from the data, or
(b) from the data or other information in the possession of, or likely to come into the possession of the data controller;”.
Clearly, the information being put out by the EC qualify as personal data and ought to be handled in accordance with the law.
What are the options for aggrieved persons?
If for any reason a person or a group of persons feels aggrieved by how their personal data has been handled by the data controller, such persons have the options of lodging a complaint with the Data Protection Commission or seek redress in the law court if the alleged act is a breach of the right to privacy.
Article 33 (1) of the Constitution of Ghana, 1992, specifically provides for aggrieved individuals who allege a breach of their fundamental human rights to bring an action to the High Court for redress.
The High Court is vested with the exclusive jurisdiction to enforce violations of fundamental human rights against individuals. As a condition, however, such persons must satisfy the court that their plaint is personal to them, and not someone else or even the good of the public.
“Where a person alleges that a provision of this Constitution on the fundamental human rights and freedoms has been, or is being or is likely to be contravened in relation to him, then, without prejudice to any other action that is lawfully available, that person may apply to the High Court for redress” – Article 33 (1).
The other leg of this is for aggrieved persons to invoke the jurisdiction of the Supreme Court as it ruled in the 2008 case of Adjei Ampofo v. AMA and AG that it has jurisdiction over the enforcement of fundamental human rights in the public interest.
While the apprehension of the public may be understandable considering that the surge in cybercrime occasioned by the digital age, it will be too hasty a conclusion to draw given the facts, that the EC has breached the privacy of Ghanaians – there is less in our laws to support such claims than there is dismiss them. I’m however willing to concede that the EC must tread very cautiously in adopting innovative ways of keeping up with technology – security must be a top priority.
By P.D Wedam|3news.com|Ghana
The author is a journalist with the Media General Group and a law student. Views expressed in this article are entirely the author’s and do not in any way reflect those of the Media General Group or its affiliates, assigns and agents.