The annual event brought by Communication Authority was meant to coincide with the day when the International Telegraph Convention was signed establishing the International Telegraph Union, 17 May 1865 where Kenya is a member state. The event focused on emerging technologies and how they can be used to drive the recently unveiled Big 4 agenda; food security, manufacturing, universal health and affordable housing. The post shall address the legal perspective of these technologies that were addressed.

First, the technologies in discussion were Artificial Intelligence (AI), Internet of Things (IoT) and block chain. The first day began with a panel discussion comprised of the AI and block chain taskforce led by Mr. Bitange Ndemo.  Of importance emphasis was the way such technology continues to be used unregulated. However, Bitange was quick to state that technology should be allowed to thrive before the law could come to govern so as to avoid stifling technological development in the country. That way it becomes possible to know the various ways which the technology can be used before such usage can be restricted or allowed.

The rate of absorption of technology by various sectors was highlighted. One key highlight was the decision to use block chain in the land registry to deal with the challenges of land transaction in Kenya. In terms of ranking, the legal sector was ranked the last due to the resistance by lawyers in the fear that such usage of technology would cut off their revenue streams. Despite such opposition, the reality of having to deal with disputes associated with these emerging technologies was discussed and this was posed as a new opportunity for such lawyers. Other benefits included enjoying economies of scale, since with technology carrying out the repetitive, time-consuming and unambiguous legal tasks, the lawyer will be able to handle more cases at the substance level rather than procedural that can be delegated to machines. The most expected challenge would be the lack of capacity to deal with such cases at the judiciary level.

Cybersecurity was at the forefront of the discussion especially with the Cybercrime and Computer Related Act that was passed. Additionally, as more activities are expected to be carried out in the cyberspace in fulfillment of the Agenda it will be necessary to ensure such safety online. The greatly contested piece of legislation was seen as a solution to deal with ever evolving threat in the cyberspace.

There were presentations on how the various emerging technologies are being used to implement the Agenda. Two presentations that stood out in their use of technology for service delivery. One was by M-health, a telehealth company that provides medical services by utilizing mobile technology. The company uses mobile messaging services to remind patients to take their drugs, when to go to their clinics among other services to the patients and caregivers. Another one was Acre Africa that gives crop insurance to farmers. In this case, farmers purchase seeds from agrovets licensed by Acre Africa, in the packaging there are scratch card like tokens which the farmers scratches and sends to the number written on it. Using this method the company is able to know which farmer bought their seeds, where they planted them, the weather at the time among other details that will determine the particulars of the insurance taken out. Therefore, in case of crop failure, they are able to know the amount lost and pay back the farmer. Among the technologies used are satellite imaging to locate the farmers and mobile payment to pay out the cash.

Concerns of data privacy were highlighted, in light of possible adoption of such technologies. One example was in the use of Internet of Things to collect data that will drive other technologies such as machine learning and block chain. The concerns were mainly because of the lack of a data protection regime in the country and the lack of comprehensiveness of the Bill that once existed. Up until such laws are established organisations were urged to come up with self-regulatory policies that would guide how data driven organisations handle data. The progress of having such a legislation is currently pegged to the recently formed Taskforce on the Development of the Policy and Regulatory Framework for Privacy and Data Protection in Kenya led by Mercy Wanjau. There was consensus that such laws on data privacy would do better if more public participation was done as a tool of consumer protection; at this point I got the chance to introduce the audience to the site Jadili to add their input for ICT and IP related policy laws that are currently before Parliament.

Lastly, in terms of expertise to propel the technological turbine in Kenya, it was stated that more people need to enter the technical sphere and acquire the knowledge to use the technologies to tackle our unique issues to increase homegrown solutions. Indeed, the challenges to be surmounted in Kenya could benefit a huge deal from the use of these emerging technologies. However, such activities need to thrive under regulation that promotes their use.





The successful report launch by the Centre for Intellectual Property and Information Technology on the use of Biometrics technology for elections was well attended with key players in the ICT sphere. The event began with opening remarks from the Dr. Isaac Rutenberg, Director of CIPIT followed by presentations on the findings on the investigations by Francis Monyango and Robert Muthuri both from CIPIT. This was followed by presentations by John Walubengo, Mr. Fernando, Sharon Bosire, IEBC representative and lastly, Senator Halake.

The report found that Kenyan voters remain exposed to personal data abuse so long as there lacks appropriate legislative and enforcement issues. The full report can be found here.

John Walubengo, an ICT expert shed more light on the General Data Protection Regulations (GDPR). The presentation focused on defining who a data collector is as per the GDPR while giving emphasis on the rights and obligations of the data collectors and data subjects. The concept of data minimization as a principle of data privacy emerged in explaining the rights of data subjects one of them being the right to have only relevant and not excessive data of the subjects collected. In terms of security of data, developers of products that use personal data were advised on the importance of not only securing data but demonstrating to users that their data is secure.

With regards to data controllers who in this case are the developers, certain obligations were highlighted. They include: breach notification, obtaining the necessary consents before using data, territoriality of data and lastly, the issue of penalties with regards to not fulfilling obligations was highlighted.

Sharon Bosire the Legal Officer at Communication Authority, brought to the attention of the attendees, the legal framework currently in existence in Kenya that addresses issues of data privacy; the Kenya Information Communication Act (KICA), 2009 and the KICA (Consumer Protection) Regulations, 2010. The CA representative was brought to task to explain why the authority did not have a portal for complaints on matters of infringement of data privacy during the election similar to the one of NCIC for reporting hate speech during the electioneering period.

Mr. Fernando Wangila, the ICT Director at National Transport and Safety Authority (NTSA) made a presentation on the efforts that the transport authority is making to ensure that the citizens’ data is secure given the introduction on the smart driving licenses that replaces the manual process of obtaining licenses. The presentation pointed to a belief that the illegalities that mar the vehicle registration and insuring of motor vehicles in Kenya will be cured through the use of online services and such efforts can only be bolstered by a secure data base that is free from manipulation. In this presentation, the aspect of integrity on the part of the authority’s officials was emphasized as a key ingredient to ensure that such databases remain accurate and trustworthy. One of the ways mentioned that would prevent illegal activities is the Transport Integrated Management System(TIMS) platform by NTSA where one can obtain digital log books, for online transfer of motor vehicles and for registration of vehicles.

The IEBC Representative gave an overview of how the IEBC systems work and the security measures that it has taken up. He sought to set the record straight with regards to security measures that IEBC has taken up to secure that citizens’ data is secure. The importance of accuracy of data that is inputted in systems was well emphasised, pointing out that inaccurate data would inadvertently affect the smooth operation of elections as was witnessed in the last elections.

Senator Halake, the Vice- Chair of the ICT Committee gave suggestions on how to tackle the data privacy issue form a legislative and enforcement point. In terms of legislation, she advised the academic sector such as CIPIT as well as other stakeholders such as KICTANET to come up with draft laws on Data Protection and Cybersecurity and submit them to the ICT committee for consideration. She emphasized that such contributions would be more practical as compared to expecting the legislature to come up with draft laws that are consistently requiring amendments due to challenges such as lack of well researched laws. In enforcement, she called for a reduction in the number of authorities being created to oversee implementation of various legislations. In this case, she applauded the recommendation in the report to allocate the role of Data Protection Authorities as is in other jurisdictions to the Office of the Ombudsman in Kenya. Lastly, she warned against adopting the provisions of the GDPR into our national legislation and called for coming up with legislation that serves our unique needs as GDPR serves the EU needs. In legislating, she pointed out the importance of striking a balance between encouraging innovation using data and protection of data of Kenyan citizens as she cautioned against too much legislation that would end up stifling innovation.