Data protection and right to privacy legislation in Kenya
The Parliament of Kenya enacted Data Protection legislation which came into effect on November 25, 2019. The new law was passed in view of the provisions of article 31 of the Constitution of Kenya, 2010 which guarantee the right to privacy as a fundamental right. Data Protection and citizens’ right to privacy is now a topical concern as evident around the world in many jurisdictions.
The increasing globalization, cross-border transactions, internet penetration and the use of social media and digital platforms among citizens, governments and the private institutions raises several data security and privacy concerns that breaches may amount to loss of reputation, identity, safety concerns, legal penalties or compensation for damages or loss of business. As a result, enactment of Data Protection legislations plays a resounding role in providing the requisite legal framework to regulate activities of market players, government and private entities, in collecting, storing, processing, accessing, transmitting, sharing and disposing of personal or corporate data among other subjects. This paper reviews the crucial provisions of the Kenya’s Data Protection law which covers regulated actions seeking compliance by data controllers and processors under the stewardship of the Office of the Data Protection Commissioner ('ODPC'). The paper will also provide a comparative analysis of the practice in other jurisdictions, case laws and court decisions, merits and demerits of data protection legislations and areas of possible data breach targets.
Access Now (Website):Access Now. (n.d).Home. https://www.accessnow.org/
Gitau. V,Ochilo Louisa (2018).Data Protection in East Africa.
The Constitution of Kenya (2010)
The Data Protection (General) Regulations, 2021
The Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021
The Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021
The Data Protection (Civil Registration) Regulations, 2020 (DPA Regulations
The General Data Protection Regulation (GDPR) (European Union)
Nubian Rights Forum & 2 others v Attorney General & 6 others
Volker and Markus ScheckeGbR (C-92/09) and HartmutEifert (C-93/09) v State of Hesse
How to Cite
Copyright (c) 2023 Andrew Matoke Mankone
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
This license lets others remix, tweak, and build upon your work non-commercially, and although their new works must also acknowledge you and be non-commercial, they don’t have to license their derivative works on the same terms.
The Creative Commons-Attribution-Noncommercial License 4.0 International applies to all works published by IASSIST Quarterly. Authors will retain copyright of the work. Your contribution will be available at the IASSIST Quarterly website when announced on the IASSIST list server.