Rwanda: NCSA publishes guidance on right to object
The National Cyber Security Authority ('NCSA') published, on 10 August 2022, guidance on the right to object. In particular, the NCSA noted that the right to object means that a data subject can stop data processors and data controllers from using their data, as long as this objection follows certain circumstances stated within the Law No. 058/2021 of 13 October 2021 Relating to the Protection of Personal Data and Privacy ('the Data Protection Law'). In addition, the NCSA explained that, as stated in the Data Protection Law, a data subject can object to personal data processing in the following circumstances:
- processing of personal data is likely to cause loss, sadness, or anxiety to the data subject; or
- personal data are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
However, the NCSA outlined that if the data processor or data controller which processes said personal data can demonstrate compelling legitimate grounds for the personnel data processing, the right to object does not apply. Furthermore, the NCSA provided that the data controller or the data processor, within 30 days from the date of receipt of the request, must inform the concerned data subject, in writing or electronically, of the compliance with the request or reasons for non-compliance. Lastly, the NCSA noted that, if the data subject is not satisfied with the response of the data controller or the data processor, they may appeal to the NCSA within 30 days from the date of receipt of the response.
You can read the guidance here.