Icons made by itim2101 from

By Godana Galma


The Copyright (Amendment) Act (2019) (the Act) introduced a Notice and Takedown (NTD) regime in the country’s legal system. Most jurisdictions have adopted NTD as the legal standard to address copyright infringement within cyberspace.[1] This blogger commends the Act for addressing the interests of copyright holders with regard to online infringement. However, apart from copyright, there are other rights that are affected by the structure set out in the Act.

While previous posts relating to the Act have dealt primarily with Intellectual Property considerations, this piece will attempt to highlight both the direct and indirect implications of the Act on digital rights. This analysis will be used to formulate recommendations on how to achieve a balance between copyright and digital rights.



The right to access information enables citizens to obtain information held by state agencies. In some instances, it extends to private persons. It is based on the premise that governments hold information not for themselves but on behalf of the public. Information-access laws foster transparency and accountability in decision making allowing citizens to participate in governance.[2]

In Kenya, this right is enshrined in Article 35(1) of the Constitution of Kenya (2010)[3] and the Access to Information Act (2016).[4]

This blogger opines that the above right is directly limited by Section 35B (5) which states,

“An Internet Service Provider (ISP) shall disable access to the material within forty eight business hours unless it receives a counter notice fulfilling the requirements set out for a takedown notice and contesting the contents of the takedown notice.”

When an ISP complies with a takedown notice, a number of parties are affected. They are: the person issuing the notice, the ISP, the content publisher and other internet users who want to view the content.

This provision recognizes the interests of content publishers by implicitly providing for the remedy of issuance of a counter notice.[5] However, it fails to provide mechanisms through which content can be reinstated.  In so doing, it ignores the interests of other internet users who may want to access the content. Once a takedown notice is implemented, such individuals have no recourse whether or not actual infringement is upheld. To the extent that there is no restorative mechanism, the NTD structure limits the right of access to information.

In contrast, the United States’ Digital Millennium Copyright Act (1998) recognizes the information-access rights of these other users and providing an elaborate structure through which content may be restored by ISPs.[6]

Additionally, there is no mandate for the Kenya Copyright Board or ISPs to maintain records or a repository regarding NTDs. Availing such information is important not only for users but also for the general public’s right of access to information.[7]


Freedom of expression is the right to communicate or express ideas, opinions or beliefs through any media without restraint.[8] This right protects an individual’s autonomy to form his/her own worldview from unjustified censorship.[9] Free speech is constitutionally recognized in Article 33.

This blogger contends that the NTD structure has an indirect effect on the freedom of expression. The framing of certain provisions in the Act promote a culture of censorship.

 Section 35A (1) (b) (v) provides,

“An ISP Provider shall not be liable for infringement…so long as the ISP removes or disables access once it receives a takedown notice…”  

This provision conditions the grant of safe harbor[10] on compliance with takedown notices.Under the Act, an ISP has a maximum of 48 hours to comply with takedown requests.[11] Section 35B (6) further states,

 “An ISP which fails to take down or disable access when it receives a takedown notice shall be fully liable for any loss or damages resulting from non-compliance to a takedown notice without a valid justification.”

While this section gives ISPs a defense to non-compliance, it fails to define what constitutes ‘valid justification.’ Section 35B (10) further provides,

“An ISP Provider shall not be liable for wrongful takedown in response to a valid takedown notice.”

While ISPs face severe criminal sanctions for failure to takedown content, they enjoy immunity against wrongful takedown.

These provisions, when read together, incentivize ISPs to act in a certain manner. First, they condition safe harbor on compliance with takedown notices. Secondly, they give ISPs an extremely short window within which to comply with notices. Lastly, they grant ISPs protection against liability arising out of wrongful takedown. This deliberate framing of these provisions places ISPs in a precarious position. ISPs are forced to weigh the immediate danger of losing their safe harbor against the perceivably lesser threat of upsetting their users.

Thus, there is a general propensity for ISPs to lean on the side of caution and censor the content in question regardless of whether actual infringement has occurred.  While the Act does not explicitly impede free speech, it deliberately promotes a culture of censorship within the conduits of such speech. This is what this blogger refers to as the indirect effect on free speech.


The right to privacy is an individual’s right against undue intrusion into fundamental personal matters by public or non-public bodies. Privacy protects us from having information on personal matters unduly publicized or revealed.[12] The digital right to privacy has come under focus in light of the invasive culture pervading the information age. The right to privacy is enshrined in Article 31 of the Constitution.[13]

While privacy is the foundation of a number of individual freedoms, perhaps its most crucial element in modern times is the protection of personal data.[14] In this regard, Parliament passed the Data Protection Act (2019) which provides the legal and institutional mechanism for the protection of personal data.

As with free speech, the Act does not expressly set out to limit the right to privacy. However, the particular wording in certain provisions may indirectly affect the privacy rights of users. Section 35A (1) (c) (ii) states,

“An ISP shall not be liable for damages arising from material stored at the request of the recipient of the services, as long as it is not aware of the facts or circumstances from which the allegedly infringing activity or infringing nature of the material is not apparent”

This blogger pays particular emphasis to this provision as it imposes liability upon ISPs where the infringing nature of the material is ‘apparent.’ The particular wording of this provision can be said to impose a kind of ‘constructive knowledge’[15] obligation on ISPs.[16]

As private entities, ISPs should not be tasked with public enforcement roles.[17] They cannot be expected to determine whether content on their platform is actually infringing as this constitutes a judicial role. Imposing such duties may force them to aggressively police their servers for any sign of infringement. The privacy implications of this scenario are apparent (no pun intended).

In such instances, conducting a surveillance on the activity of users may inadvertently reveal a user’s personal information such as identity and location data.[18] Therefore, by imposing public roles on ISPs, the Act may indirectly infringe on the privacy rights of users.


The Acthas to a great deal, addressed the plight of copyright holders in terms of protecting their works in the digital sphere. However, in so doing, it has directly and indirectly affected other rights of content publishers and other internet users. Drawing from this analysis, this blogger makes certain recommendations.

First, there is need for fundamental reforms to the NTD structure and to develop a framework that embodies interests of all concerned parties.  Rather than incentivizing ISPs to protect themselves, the Act can achieve a degree of balance by imposing correlating duties to protect the interests of other parties i.e. privacy and information-access. This framework may also relieve ISPs of public roles such as the aforementioned constructive knowledge obligations. Such reforms will ensure that ISPs aren’t encouraged to infringe on the rights of other parties in the name of compliance.

This blogger also calls for greater transparency in the takedown notice process. An ideal framework should integrate the interests of other internet users by providing an elaborate process through which content can be restored. Additionally, this piece suggests the development of a process for recognition of a representative body for ISPs. This body should be tasked with a number of obligations such as keeping records. This blogger draws this suggestion from the South African Electronic Communications and Transactions Act (2002) which lays down a clear procedure for recognition of a representative body.[19] Whilst the Act alludes to the recognition of an umbrella association,[20] it does not explicitly define its roles nor the conditions for its recognition. Such a procedure would go a long way in promoting transparency and accountability in the takedown process.

(An upcoming post will focus on the place of automation and the effects of utilizing robotic processes in implementing takedown notices.)

[1] The NTD model introduced by the Digital Millenium Copyright Act (1998) has largely become the standard with nations adopting its basic structure. It was adopted in Europe through the EU’s Electronic Commerce Directive (2000).

[2] P. Gathu, H. Kahindi, ‘Access to Information in Kenya’ Tranparency International,Adili, Issue 155 at

[3] Article 35 provides (1) Every citizen has the right of access to (a) information held by the State; and (b) Information held by another person and required for the exercise or protection of any right or fundamental freedom.

[4] This Act provides a framework to facilitate disclosure of information held by public entities and private bodies. For instance an individual can seek to access details regarding the government’s revenues and spending which they can obtain from the Budget Documents availed by the National Treasury.

[5] The right to issue a counter notice, though not directly stated, is implied in Section 35B (5) of the Act

[6] S.512, Digital Millenium Copyright Act (1998)

[7] Article 19, ‘Kenya: Copyright (Amendment) Bill 2017’ at

[8] Duhaime’s  Law Dictionary, ‘Freedom of Expression’ at

[9] A. Barak, ‘Freedom of Expression and its Limitations’ Kesher / קשר, No. 8, 1990, pp. 4e–11e at

[10] A safe harbor is a provision in legislation that provides protection from liability or penalties upon fulfillment of certain conditions. Safe harbor provisions are used to protect parties who act in good faith but violate the law on technicalities beyond their reasonable control.

[11] Section 35B (5), Copyright (Amendment) Act 2019

[12] ‘Right to Privacy’ Wex Definitions, Legal Information Institute at

[13] Article 31 of the Constitution provides, “Every person has the right to privacy, which includes the right not to have—(a) their person, home or property searched;(b) their possessions seized;(c) information relating to their family or private affairs unnecessarily required or revealed; or(d) the privacy of their communications infringed.”

[14] Excerpt from B. Rossler, ‘The Value of Privacy’ (Cambridge: Polity Press 2005) as cited by Justice Odunga in ANM & another v FPA & another [2019] eKLR at

[15] Constructive knowledge is a legal term for information that a party is presumed by law to have and which is obtainable by reasonable inquiry.

[16] ILP Abrogados ‘Actual Knowledge, Constructive Knowledge, Imputed Knowledge and To the Seller´s Knowledge in a Purchase Agreement’ at

[17] ISPs are mere private entities offering services to their clients for consideration. As such, they should not be burdened with the obligation to enforce copyright. This mandate falls within the purview of public entities such as KECOBO.

[18] Content recognition and filtering tools generally rely on fingerprinting and watermarking technology, which entail ‘real-time’ monitoring and identification of infringing material before blocking access. These tools conduct a surveillance of network packets thereby revealing personal information. See

[19] Section 71, Electronic Communications and Transactions Act (No. 25 of 2002)

[20] Section 35B (2) (h) Copyright (Amendment) Act (2019)

Leave a Comment

Your email address will not be published. Required fields are marked