On 9 August 2024, the Government of Kenya introduced the Computer Misuse and Cybercrimes (Amendment) Bill, 2024 through Kenya Gazette Supplement No. 156. The Bill has since raised intense debate, attracting both support and constitutional challenges in court.
At Data Governance Africa, we examine the Bill through the lens of our core pillars: AI, Data Protection, Data Governance, and Cybersecurity.
1. Cybersecurity: Expanding Powers and Controls
- Device & Website Deactivation: The Bill empowers the Communications Authority of Kenya (CAK) to deactivate phones, computer systems, or websites suspected of being used for crimes such as child pornography, terrorism, or “extreme religious/cultic practices.”
- Court Oversight: Law enforcement and cybercrime experts would need to obtain court orders before executing such takedowns.
- National Coordination: The National Computer and Cybercrimes Coordination Committee would gain new authority to order blocking of websites and apps across Kenya.
Recent events already show the risks of such powers. During demonstrations earlier this year, several media houses reported that their live streams were shut down at the broadcast boosters by the Communications Authority, despite a court order terming such interference illegal. This highlights the thin line between protecting national security and curtailing freedoms when enforcement powers are unchecked.
2. Data Protection: The Rights and Freedoms Question
- The Bill’s enforcement mechanisms risk infringing on the right to privacy and freedom of expression guaranteed under Kenya’s Data Protection Act and the Constitution.
- Civil society and petitioners argue the vague reference to “extreme religious and cultic practices” could open the door to surveillance or censorship beyond the Bill’s intended scope.
- Data protection experts are already contesting ongoing initiatives by the Kenya Revenue Authority (KRA) and the Communications Authority to track individuals through IMEI numbers on phones and electronic gadgets. These developments signal a growing culture of surveillance that may normalize intrusion into citizens’ digital lives.
3. Data Governance: Who Decides, and How?
- The Bill places significant enforcement authority in the hands of CAK and the National Cybercrimes Committee, but critics argue this overlaps with existing powers of the police and the Director of Public Prosecutions (DPP).
- Kenya’s enforcement landscape is already a labyrinth, with multiple regulators and agencies overstepping or duplicating mandates. This has created confusion for businesses, citizens, and even government bodies themselves.
- Without transparent decision-making and accountability structures, governance risks drifting toward centralised control rather than collaborative oversight.
Clarity in governance structures is not just a legal necessity but also an enabler of trust in Kenya’s digital economy.
4. Artificial Intelligence (AI): Future-Proofing Cybercrime Laws
- Although the Bill does not directly mention AI, its provisions could affect AI-driven platforms that host or moderate digital content.
- AI-generated illegal content (such as deepfake child pornography or extremist propaganda) is an emerging frontier in cybercrime. Kenya’s amendments should anticipate such realities.
- Without AI-specific safeguards, enforcement may either lag behind technological misuse or risk over-regulation that stifles beneficial AI adoption.
Conclusion: Striking the Balance
The Computer Misuse and Cybercrimes (Amendment) Bill, 2024 highlights Kenya’s urgent need to address cybercrime. Yet, the constitutional challenge, and the vagueness of certain clauses show that Kenya must carefully balance cybersecurity with rights, governance, and innovation.
At Data Governance Africa, we advocate for laws that are:
- Rights-respecting
- Clear in scope and definitions
- Future-proof for AI and emerging technologies
Kenya stands at a critical juncture: the choices made in this Bill will shape the country’s digital governance for years to come.