Is Privacy Right Under Threat?


Recent media reports suggest that the Communications Authority of Kenya intends to roll out an application capable of tapping into a mobile carrier’s network enabling the Authority to access personal information from people using that carrier’s network. The Authority clarified that the application is intended to curb the proliferation of counterfeit devices by identifying and isolating those devices and denying them access to services, and that it is not intended for the collection of users’ personal information. Despite this, questions as to data protection for users of the mobile networks have arisen.

Current position

In general, phone tapping, surveillance and interception of communications violate a persons’ right to privacy.

The Constitution provides that every person has the right to privacy, which includes the right not to have information relating to family or private affairs unnecessarily required or revealed.

In addition, the Constitution grants every person the right to institute court proceedings when his/her fundamental rights or freedoms, such as the right to privacy, has been denied, violated, infringed or is threatened.

However, the Kenya Information and Communications Act  (“KICA”), provides that the Cabinet Secretary in charge of Information and Communication has the power to make regulations in relation to a telecommunication service and, specifically, to make regulations on the privacy of telecommunications.

Pursuant to this provision, the KICA Consumer Protection Regulations provide that a customer has a right to personal privacy and protection against unauthorised use of personal information and specifically restrict a telecommunication licencee from allowing any person to monitor or disclose the content flowing through their system.

In addition, the KICA Registration of Subscribers of Telecommunication Services Regulations bar the sharing of subscriber data by mobile providers without the express authority of the affected subscriber.


The current legal position in Kenya is that any person, including public entities, collecting personal information has to abide by the Constitutional provisions of the Right to Privacy and the KICA regulations on consumer/customer protection.

For now the High Court has granted orders stopping the implementation of the Communication Authority’s alleged directive. The matter is due to be heard on 6 March 2017.

Should you have any queries or need any clarifications with respect to the above, please do not hesitate to contact Dominic Rebelo or Anne Kiunuhe.

For more on Africa Legal Network, click here.