Database

Browse Database

KENYA

Since 2019

Pillar Domestic Data policies  |  Sub-pillar Minimum period for data retention
Guidelines for Reporting on SIM-Card Registration by Telecommunications Operators of 2019
Guide 7 of the Guidelines for Reporting on SIM-Card Registration by Telecommunications Operators of 2019 several things measures that the telecommunications operators are expected to do in the registration of SIM Cards and while again the time for retention is not specifically stipulated, the data collected on each mobile user is expected to be held for as long as the user is holding the telecom's SIM card and using their services.
Coverage Telecommunications sector

KENYA

Since November 2011

Pillar Domestic Data policies  |  Sub-pillar Minimum period for data retention
National Payment System Act No. 39 of 2011
Section 26(1) of the National Payment Act provides that the Central Bank, the Central Bank settlement system participants, payment clearing house system operators and system operators, shall retain all records obtained by them during the course of the operations and administration of a payment system or the issuance of a payment instrument, for a period of seven years from the date of each particular record.
Coverage Financial sector

KENYA

N/A

Pillar Cross-border data policies  |  Sub-pillar Participation in trade agreements committing to open cross-border data flows
Lack of participation in agreements with binding commitments on data flows
Kenya has not joined any free trade agreement committing to open transfers of cross-border data flows.
Coverage Horizontal

KENYA

Since August 2015

Pillar Domestic Data policies  |  Sub-pillar Minimum period for data retention
The Kenya Information and Communications Act (Registration of SIM Cards) Regulations 2015
While The Kenya Information and Communications Act (Registration of SIM Cards) Regulations 2015 does not specify any period of retention of data, Section 4 (4) require that the telecommunications companies provide quarterly records of all registered SIM Cards and a report of the maintenance of the records of SIM Cards registered as under the Regulations. This inadvertently means that there is a requirement for these record of SIM Card registration almost indefinitely and regular updates are expected by the Kenya Communications Authority.
Coverage Telecommunications sector

KENYA

Since November 2019

Pillar Cross-border data policies  |  Sub-pillar Conditional flow regime
Data Protection Act No. 24 of 2019
Art. 48 of the Data Protection Act No. 24 of 2019 states that a data controller or data processor may transfer personal data to another country only where the data controller or data processor has given proof to the Data Commissioner on the appropriate safeguards with respect to the security and protection of the personal data. Alternatively, data can be transferred if the transfer is necessary for: the performance of a contract; for any matter of public interest; for the establishment, exercise or defence of a legal claim; in order to protect the vital interests of the data subject or of other persons; or for the purpose of compelling legitimate interests pursued by the data controller or data processor which are not overridden by the interests, rights and freedoms of the data subjects.
Art. 49 highlights safeguards prior to transfer of personal data out of Kenya, which include: (1) The processing of sensitive personal data out of Kenya shall only be effected upon obtaining consent of a data subject and on obtaining confirmation of appropriate safeguards; (2) The Data Commissioner may request a person who transfers data to another country to demonstrate the effectiveness of the security safeguards or the existence of compelling legitimate interests; (3) The Data Commissioner may, in order to protect the rights and fundamental freedoms of data subjects, prohibit, suspend or subject the transfer to such conditions as may be determined.
Coverage Horizontal

KENYA

Since August 2020, last amended in April 2021

Pillar Cross-border data policies  |  Sub-pillar Ban to transfer and local processing requirement
National Information, Communications and Technology (ICT) Policy Guidelines of 2020
The National ICT Policy Guidelines (paragraph 4.4) provide that all arms of government build, deploy, operate and manage locally built back-end and front-end systems. The Guidelines also require that all Kenyan data remains in Kenya and is stored safely and in a manner that protects the privacy of citizens to the utmost.
Coverage Public sector

KENYA

Since November 2019

Pillar Cross-border data policies  |  Sub-pillar Ban to transfer and local processing requirement
Data Protection Act No. 24 of 2019
Art. 50 of the Data Protection Act No. 24 of 2019 states that "the Cabinet Secretary may prescribe, based on grounds of strategic interests of the state or protection of revenue, certain nature of processing that shall only be effected through a server or a data centre located in Kenya."
Coverage Horizontal

KENYA

Since August 2020, last amended in April 2021

Pillar Telecom infrastructure and competition  |  Sub-pillar Maximum foreign equity share for investment in the telecommunication sector
The National Information Communications and Technology (ICT) Policy Guidelines, 2020
According to The National Communication and Information Technology Policy Guidelines 2020 (paragraph 6.2.4), as last amended in April 2021, it is required for telecommunication companies to have at least 30% Kenyan ownership for the Communications Authority to grant it a license. This requirement should be met within three years of being licensed, although it is possible to seek an exemption or extension.
Coverage Telecommunications sector

KENYA

Since 2010

Pillar Telecom infrastructure and competition  |  Sub-pillar Presence of shares owned by the government in telecom companies
Presence of shares owned by the government in the telecom sector
The Kenyan government has stakes in several telecom companies. It ows 35% of Safaricom Limited, 35% of Vodacom, 5% of Vodafone and 30% of Telekom Kenya.
Coverage Telecommunications sector

KENYA

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Functional/accounting separation for operators with significant market power
Lack of mandatory functional separation for dominant network operators
It is reported that Kenya does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of accounting separation.
Coverage Telecommunications sector

KENYA

N/A

Pillar Intellectual Property Rights (IPRs)  |  Sub-pillar Effective protection covering trade secrets
Lack of effective protection of trade secrets
Kenya does not have a comprehensive framework in place that provides effective protection of trade secrets, but there are limited measures addressing some issues related to them. The protection of trade secrets is mostly by way of common law and equity (and there are a few judicial decisions on this topic). Trade secret protection can be inferred from common law protection of confidentiality. However, regarding whether trade secrets are kept confidential during court proceedings, there is currently no clear judicial precedent on the handling of evidence containing a trade secret while still maintaining its confidentiality. A review of the available case law shows that such matters are determined on a case-by-case basis, and one must demonstrate that the trade secret is indeed useful and applicable in the relevant trade or industry; is not public knowledge or public property; is of economic value to the business seeking to protect it and that the disclosure of such information would be prejudicial to the business.
Moreover, protection is granted locally by virtue of the Constitution (Arts. 2(5) and 2(6)). Some form of protection of trade secrets can also be found in various pieces of legislation, such as those relating to employment and contracts.
Coverage Horizontal

KENYA

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Passive infrastructure sharing obligation
Lack of mandatory functional separation for dominant network operators
It is reported that Kenya does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of accounting separation.
Coverage Telecommunications sector

KENYA

N/A

Pillar Intellectual Property Rights (IPRs)  |  Sub-pillar Signature of the WIPO Performances and Phonogram Treaty
Lack of ratification of the WIPO Performances and Phonogram Treaty
Kenya has signed the World Intellectual Property Organization (WIPO) Copyright Treaty in December 1996, but has not ratified it.
Coverage Horizontal

KENYA

N/A

Pillar Intellectual Property Rights (IPRs)  |  Sub-pillar Signature of the WIPO Copyright Treaty
Lack of ratification of the WIPO Copyright Treaty
Kenya has signed the World Intellectual Property Organization (WIPO) Copyright Treaty in December 1996, but has not ratified it.
Coverage Horizontal

KENYA

LA

Pillar Intellectual Property Rights (IPRs)  |  Sub-pillar Enforcement of copyright online
Lack of adequate enforcement of copyright online
It is reported that enforcement of IPR continues to pose a challenge to rights holders. It is estimated that piracy and counterfeiting of business software, records, music, and electronics such as mobile phones, costs firms over USD 300 million in lost sales annually. However, several case laws in Kenya highlight the commitments in protection of the IP rights of authors and content creators. The ruling of 2013 in the case "Nonny Gathoni Njenga & anor v. Catherine Masitsa & 2 ors" (Civil Case No. 490 of 2013) is one of several cases where court decisions have affirmed rights of copyright holders against abuse or continued infringement. In addition, it is reported that the rate of unlicensed software installation in the country was 74% in 2017 (above the 56% rate of the Middle Eastern and African countries), for an estimated commercial value of USD 99 million.
Coverage Horizontal