DATA PROTECTION IN KENYA

The Data Protection Act (DPA)  became operational on the 25th Nov, 2019. The Act gives effect to articles 31 (c) and (d) of the  Constitution of Kenya, 2010.  In that respect, the DPA establishes the office of the Data Protection Commissioner (the ODPC) provides for the processing of personal data, and sets out the rights of data subjects as well as obligations of data processes and data controllers.

The ODPC has the mandate to protect the privacy of individuals and oversee the enforcement of the DPA. On this basis the ODPC is mandated to receive and investigate any complaint on infringement of privacy rights under the DPA.

Some of the important aspects to be noted when filing or defending a complaint as far as an authorized disclosure of personal or sensitive data. 

1. JURISDICTION AND TIMELINES

     The ODPC is mandated by the DPA  to be responsible for the enforcement of data protection, including receiving and investigating complaints relating to the unlawful disclosure of personal and sensitive personal data.  Section 56 (5) of the DPA prescribes that a complaint should be investigated and determined within (90) days.  

The import of this is that in the event a determination is made outside of the prescribed timelines such determination is rendered time-barred. Therefore, the ODPC's jurisdiction to handle complaints is strictly time bound, hence once the prescribed ninety days have lapsed, its jurisdiction is extinguished.

2.  LOCUS STANDI

       A complainant under the DPA must have a legal right or capacity to bring a claim for breach of privacy and data protection rights on their own behalf and on behalf of their clients. 

The ODPC interpretation of the scope of the DPA is that the Law aims to protect the personal data of an identified or identifiable natural person. 

The DPA exclusively protects the privacy rights of natural persons and consequently, it is only natural persons who have the legal capacity to institute claims for breach of their data protection rights.  

3. BREACH

    The DPA  prohibits the processing of personal data without consent or a lawful reason and purpose. Under section 72  an offense is imposed upon a data controller or processor for unauthorized disclosure without prior lawful purpose, consent, or in a manner contrary to the principles of data protection. 

The ODPC will investigate whether there is any unlawful disclosure of personal and sensitive data which amounts to a breach of the DPA.


DISCLAIMER:- This article is not meant to be construed as a legal opinion or advise, but for information purpose only. For any legal advice or consultation kindly contact; Wakili Wangu Kimure 

0716912966; kellenkimure@gmail.com





Comments

Post a Comment

Popular posts from this blog

⚖️ Safeguarding Our Future: Children’s Rights Under Kenya’s Children Act, 2022 As a lawyer, I have stood in courtrooms where the fate of children hung in the balance. Each case reminds me that the Children Act, 2022 is not just legislation—it is a shield, a voice, and a promise to Kenya’s youngest citizens. 🧒 Key Rights Every Child Is Guaranteed 1. Right to Survival and Development Every child has the right to life, survival, and holistic development—covering physical, emotional, and social well-being. Parents and the State must provide nutrition, shelter, and healthcare. 2. Identity and Belonging From birth, a child is entitled to a name and nationality. The Act protects against statelessness and affirms the child’s right to family and community belonging. 3. Best Interests Principle In all decisions—whether in courts, schools, or homes—the best interests of the child must come first. 4. Non-Discrimination Children are shielded from discrimination based on gender, disability, ethnic...
Read more
  Matrimonial Property in Polygamous Marriages in Kenya: How Do Courts Divide Property? Polygamous marriages present unique legal and practical challenges when it comes to the division of matrimonial property. Where a husband has married more than one wife, questions often arise regarding how property is shared among the spouses and households , especially upon divorce or the death of the husband. Kenyan law recognizes polygamous marriages and provides guidance on how matrimonial property should be treated in such unions. However, the process of determining each spouse’s entitlement requires careful consideration of contribution, the structure of the marriage, and the specific property involved . This article examines how Kenyan law addresses matrimonial property in polygamous marriages and the principles courts apply when resolving disputes. Recognition of Polygamous Marriages in Kenya Polygamous marriages are recognized under the Marriage Act, 2014 . The Act recognizes certain...
Read more
  Contribution in Matrimonial Property Disputes: Monetary vs Non-Monetary Contribution in Kenya Matrimonial property disputes remain among the most contested aspects of divorce proceedings in Kenya. At the heart of these disputes lies a central legal question: What amounts to contribution, and how do courts assess monetary versus non-monetary contribution? The answer is found in the Matrimonial Property Act, 2013 , judicial interpretation, and evolving constitutional principles. This article examines how Kenyan courts balance financial input with unpaid domestic and supportive roles when dividing matrimonial property. The Legal Foundation Section 7 of the Matrimonial Property Act, 2013 provides that matrimonial property shall be divided according to the contribution of each spouse upon dissolution of the marriage. Section 2 of the Act defines contribution to include both: Monetary contribution , and Non-monetary contribution , such as: Domestic work and management of the...
Read more