A new data protection law in Kenya is setting a high standard for the rest of the continent.
As the country looks to engender more safeguards in the collection, handling and sharing of data, Kenya’s president Uhuru Kenyatta has approved legislation which complies with the European Union’s General Data Protection Regulation.
The new law outlines restrictions on data handling and sharing by government and corporations. Any infringements of the new law will be investigated by an independent office with violators facing two-year prison sentences or fines of up to $29,000.
The legislation comes amid increased calls for African governments to pay more attention to protection of data “to prevent governments and corporations from overstepping their boundaries by articulating the rights and freedoms of people in digital spaces.” The need is even more urgent given the rapid and ongoing adoption of mobile technology and digital apps. There’s also a concern in some quarters that Silicon Valley’s giants including Facebook, WhatsApp and Google are able to freely collect consumer data in African countries without any limits.
It’s a call that’s resonated particularly in Kenya and across East Africa especially as digital lending apps in the region have come under scrutiny for predatory tactics which involve determining credit worthiness by accessing smartphone data including SMS, call logs, bank balance messages and bill payment receipts.
For its part, the Kenya government views data protection legislation as crucial not just for its social utility but also for encouraging more investment in its tech sector. And there’s an early sign that it could pay off: Amazon Web Services, the cloud computing arm of the global retail giant, has confirmed plans to build some of its infrastructure in Kenya as it expands its operations on the continent. AWS is already set to open a data center in South Africa next year.
More stringent data protection regulation could also be a boon for the government too: so far its plan to digitize citizens’ identities, include storing DNA data, has faced widespread criticism over concerns about the handling and storing of the information.