The State of Privacy in Kenya is the result of an ongoing collaboration by Privacy International and the National Coalition of Human Rights Defenders – Kenya.
Key Privacy Facts
1. Constitutional privacy protections: Article 31 of the Kenyan Constitution specifically protects the right to privacy.
2. Data protection law: Kenya does not currently have specific data protection legislation. However, a Data Protection bill was tabled in Parliament in 2015.
3. Data protection agency: Kenya does not have a specific data protection authority.
4. Recent scandals: Kenyan and international civil society groups report high levels of extrajudicial surveillance.
5. ID regime: The Integrated Population Registration System (IPRS) collects data from a dozen databases held by various government agencies.
Article 31 of the Constitution specifically protects the right to privacy. It states:
“Every person has the right to privacy, which includes the right not to have—
(a) their person, home or property searched;
(b) their possessions seized;
(c) information relating to their family or private affairs unnecessarily required or revealed; or
(d) the privacy of their communications infringed.”
Furthermore, Article 2 states that Kenya’s international obligations, such as its commitment to the Universal Declaration of Human Rights and International Covenant on Civil and Political Rights, which include privacy rights, are part of Kenyan domestic law. It states:
“(5) The general rules of international law shall form part of the law of Kenya.
(6) Any treaty or convention ratified by Kenya shall form part of the law of Kenya under this Constitution.”
Kenya is a signatory to or has ratified a number of international conventions with privacy implications, including:
The Communications Authority of Kenya (CA) regulates the telecommunications industry and collects statistics on the sector. Mobile penetration was recorded at 86.2 % in March 2017, with 39.1 million mobile subscriptions. There were an estimated 40.59 million internet users in Kenya in March 2017, representing an internet penetration rate of 89.4% according to the CA.
Social media is widely used in Kenya. Kenya is reported to have over 5 million active daily Facebook users, and 693,000 confirmed active users on Twitter, according to a study by Ogilvy, an advertising and public relations firm.
The Kenya Information and Communications Act (2009), penalises the unlawful interception of communications by service providers. Article 31 states:
“A licensed telecommunication operator who otherwise than in the course of his business—
(a) intercepts a message sent through a licensed telecommunication system; or
(b) discloses to any person the contents of a message intercepted under paragraph ; or
(c) discloses to any person the contents of any statement or account specifying the telecommunication services provided by means of that statement or account, commits an offence and shall be liable on conviction to a fine not exceeding three hundred thousand shillings or, to imprisonment for a term not exceeding three years, or to both.”
Article 83 states:
“(1) Subject to subsection (3), any person who by any means knowingly:—
(a) secures access to any computer system for the purpose of obtaining, directly or indirectly, any computer service;
(b) intercepts or causes to be intercepted, directly or indirectly, any function of, or any data within a computer system, shall commit an offence.”
Article 93 (1) states:
“No information with respect to any particular business which—
(a) has been obtained under or by virtue of the provisions of this Act; and
(b) relates to the private affairs of any individual or to any particular business,
shall, during the lifetime of that individual or so long as that business continues to be carried on be disclosed by the Commission or by any other person without the consent of that individual or the person for the time being carrying on that business.”
Read the full report here: https://privacyinternational.org/node/1005