This archive report was first published on 8 November 2019.
On November 8, 2019, President Uhuru Kenyatta signed the Data Protection Bill 2019 into law, marking a significant milestone in Kenya's data protection journey.
The new law establishes the office of the Data Commissioner, a position that will oversee the protection of personal data processed by both public and private entities.
Majority leader Aden Duale and National Assembly speaker presented the bill before the president, and the signing was witnessed by key government officials, including Head of Public Service Joseph Kinyua, ICT CS Joe Mucheru, Attorney General Paul Kihara, and State House Deputy Chief of Staff Njee Muturi.
According to a statement from State House, the new law sets out key principles that will govern data processing, outlines the rights of data subjects, and assigns duties to data controllers and data processors.
“The new data law establishes the office of the Data Commissioner and sets out the requirements for the protection of personal data processed by both public and private entities. It further outlines key principles that will govern data processing, sets out the rights of data subjects and assigns duties to data controllers and data processors…” the statement reads in part.
The new law will see individuals and companies who are found violating the privacy of Kenyan citizens' data face stiff penalties, including fines not exceeding three million shillings or imprisonment terms not exceeding 10 years.
Organizations, including Safaricom, have faulted the state for failing to provide a reliable data protection framework for shaping ICT policies in the country.