A parliamentary committee has proposed a raft of amendments to Data Protection Bill, 2019 that if passed, will require State agencies seeking to retrieve data on individuals under investigation to secure court orders first.

State agencies can access personal data at will but this will change if MPs adopt the bill based on recommendations of the National Assembly Committee on Communication, Information and Innovation in its report before the House.

The committee chaired by Marakwet West MP William Kisang notes that court orders will help protect the rights of data subjects from flagrant abuse by government agencies and other entities.

It also wants other public bodies to secure the orders before accessing the personal data.


However, the committee has recommended that the requirement of a court order be exempted on a case by case basis, especially if the processing of personal data is for the public interest – tracking terrorism suspects as well as individuals with taxation issues among others.


“Public interest is a broader concept, which encompasses an interest that is common concern among citizens in the management of local and national affairs,” the committee’s report reads.

Although the original bill had proposed a fine not exceeding Sh3 million or an imprisonment term not exceeding two years or both for those who violate the law, the committee says the sentence is “too lenient”.

While maintaining the fine as is in the bill, the committee wants offenders to serve 10 years in jail so that persons are deterred from committing offences under the Act.

“The proposed two-year imprisonment sentence is too lenient and may not serve the purpose of ensuring protection of personal data.”


On Monday, Mr Kisang said he hopes his colleagues will adopt the committee’s recommendations to ensure civility and order in management of personal data.

“Those seeking the information must go to court first so that people’s rights are not abused,” he said in a move that will also compel telcos to release data through court orders.

In the recent past, the telcos have connived to leak individual’s private phone conversations without their knowledge and court orders.

Some individuals have also recorded and shared such conversations without the consent of their subjects, and with social media, they have gone viral.

“Telcos will not be spared. They will be required to release the information through a court order,” the MP said.

Mr Kisang also noted State agencies such as the Kenya Revenue Authority will be exempted from the requirement of a court order as they serve courses that are of public interest.

The taxman is known to do a lot of data analytics in the pursuit of tax evaders and is required to work closely with the other agencies and other employing organisations.


In July, Facebook was fined $5 billion in the US for deceiving users about their ability to keep personal information private after a year-long investigation into the Cambridge Analytica data breach, according to The Guardian of the UK.

The fine was imposed by the Federal Trade Commission (FTC), the US consumer regulator that also announced a lawsuit against Cambridge Analytica.

In Kenya, Director of Public Prosecution Noordin Haji and Director of Criminal Investigations George Kinoti suffered a setback after a High Court dismissed a suit against Deputy Chief Justice Philomena Mwilu.

This was after it was discovered that they accessed her personal data without a court order.

With the absence of an enabling law, the court made its determination on the strength of chapter four of the Constitution.