December 6, 2021

Examining Data Protection Practices In Kenya & Africa: Launching Key Data Reports

The Open Institute and Amnesty continue to lead the push for the championing of Data Protection and Data Rights in Kenya and beyond. Launching two reports resulting from studies on data protection practices and regimes in Kenya and beyond, we look forward to engaging with more stakeholders on this key issue of our times.

Together with Amnesty International Kenya, we have continued to push for better data governance in Kenya and beyond. Last year, we launched the #RestoreDataRights movement, together with other partners on the continent. This movement arose out of  the need to govern the data used to combat the COVID-19 pandemic. We have not been alone in this initiative; we have observed a push by different stakeholders within the movement for the recognition and respect of digital rights as human rights. 

Through our joint data governance project, we’ve been working with  Amnesty International Kenya through collaborating with  the Office of the Data Protection Commissioner (ODPC) in not only building awareness on data protection in Kenya but also advancing research on good practices that could inform the rolling out of Kenya’s Data Protection Act (2019).

In May 2021, Amnesty International Kenya published a national report that indicated that a majority of Kenyans were still unaware of the data protection law and their rights to privacy. 

Excerpt from Still Unaware Report on data protection awareness in Kenya

Starting in May 2021, the Open Institute ran a six-week social media campaign dubbed #FichaUchi that sought to raise awareness on data protection and to demystify the Data Protection Act to (especially young) Kenyans. It emerged through the campaign that many Kenyans were not aware of data protection: there are still a lot of unsafe behaviours online and offline that involve collecting personal data – but which are going unchecked due to lack of awareness. 

Cover image of the Ficha Uchi data protection campaign

Through these various initiatives, we have come to the realisation that we need to look at the structures that need to be in place to better roll-out the Data Protection Act. How can data protection be entrenched in everything we do at both government and citizen level?  

We embarked on an examination of good data protection practices in Kenya and beyond. The result of this was the creation of two reports:

1) the Subnational Data Practices In Kenya Study  by the Open Institute, and 

2) the Comparative Data Regimes Report by Amnesty International Kenya.

Both reports were launched on 1st December 2021 at the Sarova Panafric Hotel in Nairobi, Kenya. The launch was graced by more than 80 data champions consisting of members of Civil Society Organisations, Development Partners, local and international media stations, with representation  from the Council of Governors (COG)  Commission of Administrative Justice (CAJ) and the ODPC, with the Data Protection Commissioner, Ms Immaculate Kassait, giving the keynote address during the event.

Al Kags, Immaculate Kassait and Irungu Houghton during the launch of the two reports at Sarova Panafric, Nairobi

As he made the opening remarks, Mr. Irungu Houghton (Executive Director – Amnesty International – Kenya) called on the audience to retain a sense of imagination, curiosity & inquiry in the quest to re-imagine the future of Kenya and what the country would need from organisations working in the advocacy and research of data governance. 

“I still believe… that information doesn’t have as much power as imagination”.

  • Irungu Houghton, Executive Director, Amnesty International Kenya 

Our Report on Subnational Data Practices

We presented the first report on subnational data practices, and the findings were shared by Loise Mboo, Wellness Director, Open Institute. 

Our study examines national and subnational practices currently when it comes to data governance – through the lens of both Access to Information and Data Protection. We conducted sampling in 5 counties, namely:  Makueni, Taita Taveta, Kilifi, Vihiga and Bomet. Perceptions from citizens sampled and participating in focus group discussions and county government officials through key informant interviews informed the findings of the report. 50% of the county officials were confident that the citizen data they hold is safe. Conversely, 38.5% of respondents were only slightly confident that personal data collected by county governments was safe; an equal number of 38.5% were not confident at all. These are some of the findings we recorded in the report:

Ms Loise Mboo from Open Institute reporting the findings of the study
A snapshot of some findings from the Study on (Sub)National Data Practices In Kenya

The Comparative Data Regimes Study by Amnesty Kenya

Amnesty’s Comparative Data Protection Regimes Study explored data protection and data privacy globally, discussing practices and informing audiences on good practices – some of which would be ideal in Kenya. The Data Protection Commissioner was quick to commend the Commissioner Model that is employed in Kenya and other countries such as Mauritius, “That is the best model” she quipped, to the amusement of the audience.

Mr Victor Ndede from Amnesty International Kenya reporting the findings of the Comparative Data Regimes Study
Snapshot of Key parameters when it comes to the independence of the Data Protection Commissioner

Al Kags, our Executive Director took to the stage where he he emphasised the need for citizens to have a clear understanding of their data rights. He took the opportunity to set the stage for the Data Protection Commissioner, Ms. Immaculate Kassait to make the keynote address. 

In her statements, she remarked that her office was also celebrating 1 year and 15 days of being operational with some of the milestones achieved being:

  1. The tabling of of the draft regulations;
  2. The release of the strategic plan;
  3. The development of several guidelines including the Data Protection Impact Assessment.

“We are looking at having standard operating procedures to ensure we have systems in place that outlive us.”

  • Immaculate Kassait, the Data Protection Commissioner, Kenya

Ms. Kassait called on stakeholders to appreciate the provisions of the Data Protection Act, 2019 and the task at hand that required all to embark on compliance and self-regulation, and flood the digital market because of the shortage of data scientists in the country. As she closed her remarks, she made the rallying call for all stakeholders to push for digital rights.

“…The time has come for us to push collectively for digital rights.”

Immaculate Kassait, Data Protection Commissioner

Why do the Reports Matter? 

The two research reports are a first in terms of: 

  1. Examining the existing laws that govern data protection and access to information globally, nationally and subnationally. 
  2. Fostering discussions with citizen groups and county government officials to understand actual practices (and policies) on the ground when it comes to exercising the rights, responsibilities and opportunities contained in the Kenya Data Protection Act of 2019.
  3. Understanding data protection regimes across the world aimed at generating best practices to inform Kenya’s Office of the Data Protection Commissioner as it rolls out the Data protection Act, 2019.

We hope that they will be useful tools in the the practice of advancement of  data governance in Kenya because they set out to.

Click below to read the reports:

Share this post:

Discover more articles