CIPIT launches checklist on privacy and security in Kenyan legislations

Icons made by Freepik from www.flaticon.com

By Jentrix Wanyama

Over the last couple of years, Kenya has experienced a significant surge in insecurity. Notably, the country has seen a rise in terror attacks and cyber crime in its various forms. On the legislative front, security attacks have been met by a discernible trend: the enactment of a reactionary law, which is then flagged by human rights advocates for infringing on fundamental rights and freedoms. Next, a tedious court process in which the court has to weigh limitations in the law and adjudicate on whether the limitations are constitutional or not.

Pieces of legislation that have followed this cycle include the infamous Security Laws (Amendment) Act (SLAA) and the Computer Misuse and Cybercrimes Act in 2014 and 2018 respectively. More recently, the Statute Law (Miscellaneous Amendment) Act introduced the National Integrated Information System (NIIMS), a system was, and is still being contested in court.

Though separated by time and scope, the issues that arose in court in respect to these laws are cunningly similar. CORD & 2 others v Republic & 10 others successfully challenged the constitutionality of several sections of SLAA for violating a number of constitutional rights.[1] In The Bloggers Association of Kenya (BAKE) v Attorney General & 3 Others,[2] 23 sections of the Computer Misuse and Cybercrimes Act were suspended from coming into force. Lastly, in Nubian Rights Forum & 2 others v Attorney-General & 6 othersis currently challenging the constitutionality of the Statute Law (Miscellaneous Amendment) Act of 2018 for, amongst others, the violation of the right to privacy.

The similarity in the above cases, and more, is telling of a legislative system that perhaps does not take adequate consideration of fundamental rights and freedoms, especially where security needs are involved. This results in a court process which is both time and financially consuming. It is for this reason that the Centre for Intellectual Property and Information Technology Law (CIPIT) sought to bridge the gap by providing a resource of standards to consider when legislating on security provisions. Particularly, we looked at the right to privacy given its prominence both locally and internationally in recent events.

 The project took a multi-stakeholder approach, with respondents from the Judiciary, Parliament, Law Society of Kenya, Kenya Law Reform Commission and civil society represented by Katiba Institute. The result is a ten-point checklist that is based on the proportionality principle as provided under Kenyan law. Through the checklist, CIPIT hopes to provide a practical guideline on how to best ensure proportionality and the rule of law while seeing to the security needs of the country. The checklist can be found here.


[1] eKLR (2015).

[2] eKLR (2018).

Leave a Comment

Your email address will not be published. Required fields are marked