When the internet first made its way into Kenya in the late 1990s, many of us in the ICT space saw it as the great equalizer—an opportunity for a developing nation to bridge the digital divide and catch up with the rest of the world. Over the years, Kenya has indeed emerged as a technology hub in Africa, with innovations like M-PESA and thriving tech startups. However, as we embraced digital platforms and integrated the internet into our daily lives, one critical issue has remained largely neglected: data privacy.
Today, millions of Kenyans unknowingly give away their personal information to tech giants such as Google, Meta (formerly Facebook), and others in exchange for “free” services. What many don’t realize is that this information is more valuable than gold in the digital economy. Our online behavior, location data, personal preferences, and communication patterns are being harvested and monetized, often with little to no accountability in Kenya.
Big Tech: Global Powerhouses, Local Impunity
In the United States and the European Union, these platforms operate under strict regulatory scrutiny. The General Data Protection Regulation (GDPR) in the EU is one of the world’s most robust privacy frameworks. It requires companies to obtain explicit user consent, disclose how data is used, and give users the right to access and delete their data. Non-compliance attracts massive fines—up to 4% of a company’s global revenue.
In the U.S., while not as stringent as Europe, companies like Facebook and Google have still faced multi-billion-dollar penalties from the Federal Trade Commission (FTC) and other regulatory bodies for breaches of user trust and misuse of data. These consequences force tech firms to invest heavily in compliance and transparency—practices that often do not extend to African markets.
In contrast, Africa—and Kenya in particular—has largely remained a digital wild west when it comes to user data. Yes, Kenya has a Data Protection Act (2019) and a Data Protection Commissioner, but enforcement is weak, awareness is low, and many multinational platforms operate as if these laws do not exist. They collect and use data from Kenyan users without meaningful consent or accountability, something they would never get away with in Europe or North America.
Why Self-Regulation Won’t Work
Tech companies have repeatedly claimed they can self-regulate. But history has shown that profit will always come before privacy unless external pressure is applied. These companies are driven by business models that rely on the monetization of user data. Expecting them to limit their own access to this data is akin to asking a predator to guard its prey.
We have seen multiple global scandals—from Cambridge Analytica to the manipulation of democratic processes using user data. Without laws that are enforced by governments, platforms will continue to extract value from our personal information while exposing us to surveillance, manipulation, and exploitation.
The Kenyan Reality: No Privacy, No Power
In Kenya, many users do not even realize how much data they’re giving away—let alone the consequences. Data collected by these platforms can be used to influence elections, exploit economic vulnerabilities, or even surveil populations. Our lack of digital literacy and legal protection makes us a prime target.
Moreover, the government itself is increasingly relying on digital platforms, from Huduma Namba to online tax and health systems. If these platforms or government systems are compromised, the consequences for national security and individual freedom could be devastating.
What Needs to Happen
1. Stronger Enforcement of Existing Laws: Kenya must fully empower and fund the Office of the Data Protection Commissioner (ODPC) to audit, investigate, and sanction non-compliant companies—local or foreign.
2. Legislative Upgrades: Our data privacy laws need to be aligned with international best practices like the GDPR. This includes stronger penalties, better user consent frameworks, and clarity on cross-border data flows.
3. Public Awareness Campaigns: Kenyans need to be educated about their digital rights and the value of their data. This is not just about privacy—it’s about power in the digital age.
4. Government Accountability: The Kenyan government must lead by example and ensure that its own use of data is ethical, transparent, and secure. Public sector compliance is key to setting the tone for the private sector.
5. Pan-African Collaboration: African countries must work together to develop regional standards and enforcement mechanisms. Data does not recognize borders—our protections shouldn’t either.
Conclusion
As someone who has been part of Kenya’s digital journey from the start, I am both proud and concerned. Proud of how far we’ve come, but concerned about how vulnerable we remain in the hands of powerful digital entities.
The dream of digital transformation is not just about access—it’s about dignity, autonomy, and security. If Kenya wants to be a true digital leader, we must demand more than just connectivity—we must demand privacy and protection for every citizen. And that begins with bold, enforceable laws that make even the biggest tech giants respect our digital sovereignty.
Let us not wait until it’s too late.
