Political Micro-Targeting in Kenya: An Analysis of the Legality of Data-Driven Campaign Strategies under the Data Protection Act

The 2013 general election marked the entry of data-driven campaigning into Kenyan politics as political parties begun collecting and storing voter data. More sophisticated techniques were deployed in 2017 as politicians retained the services of data analytics firms such as Cambridge Analytica, accused of digital colonialism and undermining democracies. It is alleged that political parties engaged in regular targeting and more intrusive micro-targeting, facilitated by the absence of a data protection legal framework.The promulgation of the Data Protection Act, 2019, ostensibly remedied this gap. This paper analyses whether, and to what extent, political parties can rely on the same–or similar– regular targeting and micro-targeting techniques in subsequent elections. While regular targeting differs from micro-targeting as the latter operates at a more granular level, both comprise of three steps- collecting a voter’s personal data, profiling them, and sending out targeted messages. This paper considers the legality of each of these steps in turn. It finds that going forward, such practices will likely require the consent of the data subject. However, the Act provides for several exceptions which political parties could abuse to circumvent this requirement. There are also considerable loopholes that allow open access to voter data in the electoral list as well as the personal data of the members of a rival political party. The efficacy of the Data Protection Act will largely rest on whether the Data Protection Commissioner will interpret it progressively and hold political parties to account.

Appraising the Impact of Kenya’s Cyber-Harassment Law on the Freedom of Expression

Kenya’s Computer Misuse and Cybercrimes Act makes it an offence, in Section 27, for a person to communicate with another a message that they know or ought to know would cause the recipient fear; is indecent or offensive in nature; or would detrimentally affect the recipient. This offence carries a penalty of either a 20 million shilling fine or a 10-year term of imprisonment or—discretionarily—both. While the offence is termed ‘cyber-harassment’, its wording appears to exclude a number of offences that would count as cyber-harassment such as cyber-stalking, doxing or impersonation. In fact, its wording is vague and overbroad, using undefined terms such as ‘detrimentally affect’ which require subjective interpretation. Cyber-harassment laws constitute a limitation on the freedom of expression and as such, ought to conform to the limitations of human rights test as provided in Article 24 of the Constitution. Where the aim sought is legitimate in a democratic society and other conditions such as legality are met, this limitation is valid. This paper reviews Kenya’s law that was recently upheld by the High Court in Bloggers Association of Kenya (BAKE) v Attorney General & Three others; Article 19 East Africa & another and finds that it fails to meet the limitations test prescribed under Article 24 of the Constitution. It argues that Section 27 of the Computer Misuse and Cybercrimes Act is therefore overbroad and has the potential to be used as a tool for the unconstitutional suppression of legitimate criticism.

Rethinking Patricia Asero Ochieng and Two Others v. The Attorney General and another

In 2012, the High Court of Kenya at Nairobi declared Section 2 of the Anti-Counterfeit Act (ACA) unconstitutional because its enforcement would limit access to affordable and essential drugs and medicines and thereby undermine the right to life, human dignity and health as guaranteed under the Constitution of Kenya. This case review revisits this important judgement by Justice Mumbi Ngugi with the aim of analysing it for legal soundness. Further, this review discusses the likely impact of the judgement on the fight against counterfeit drugs and access to drugs in Kenya. On the other hand, there will be a comparison between Kenyan legal system and some foreign laws. The review argues that the judge applied the wrong legal principles in making her determination, arriving at a legally flawed conclusion, thereby nullifying the balance between the rights of intellectual property rights owners and users as established under the Industrial Property Act.

Value Added Tax on Cross-Border Digital Supplies: The Kenyan Approach under the Finance Act 2019

Advancements in the global digital economy have resulted in high levels of profitability for enterprises operating within it. The digital economy is particularly challenging for tax authorities the world over, as it is characterised by an unparalleled reliance on intangible assets and a difficulty in determining the jurisdiction in which value creation occurs. It is against this backdrop that Kenya enacted the Finance Act 2019, that had amongst its objectives, the effective taxation on the consumption of cross-border digital supplies. The amendments are largely targeted at the taxation of imported digital supplies from foreign jurisdictions to final consumers in Kenya. They place the responsibility of tax assessment and remittance to the consumer of the service. This move presents a critical departure from the previous regime where the responsibility of Value Added Tax (VAT) assessment and remittance fell on the firms supplying the service squarely. This paper critically assesses the practical efficacy and inherent weaknesses arising from the potential implementation of the proposed amendments under the VAT Act and provides recommendations on the way forward.

Privacy and Data Protection Practices of Digital Lending Apps in Kenya

The Centre for Intellectual Property and Information Technology Law (CIPIT) has been studying the impact of digital identities on society. This has included policy research on the legal and technical aspects of the national digital ID system Huduma Namba under which the Government is integrating all its identification documents. This research shows that the national digital identity system also integrates with privately issued digital identities such as mobile phone numbers and social media accounts. We anticipate that as national digital ID uses increase, so will the linkage with private systems. This is already evident from e-government services, where payments for Government services, such as passport applications, drivers’ licences, national health insurance and hospital bills in public hospitals are made using mobile money platforms. We also appreciate that private digital ID is more developed and has more uses than national digital ID. For example, a 2019 survey, undertaken by the Central Bank of Kenya (CBK), estimates that access to financial products had risen from 26.7% in 2006 to 89% of the population in 2019. This is attributed partly to the availability of digital products such as “mobile banking, agency banking, digital finance and mobile apps”. These products make use of personal data, which broadly falls under digital identities. This study seeks to understand the privacy implications of digital ID by looking at digital lending apps.

Taxing Computer Software Royalties in Kenya: Reconciling Conceptual Approaches through Copyright and Property Law

Kenya has recently witnessed litigation regarding the tax implications of acquired software. Simply phrased, if software is intellectual property, then the usual tax implications attached to intellectual property will obtain. Though intuitive, this position is not as straightforward when it comes to acquisition of computer software. One main reason is responsible for the difficulty – the anatomy of computer software. This anatomy forces a more nuanced analysis of the components of a software transaction, and specifically the nature of interest in question. A corollary is that a diverse range of transactions – all involving different and separate interests – are possible. A proper taxation regime requires clarity as to what subject matter is subject to the tax treatment, be it a sale, licence, gift, and so on. The diversity of transactions possible regarding a single copyrighted work, however, anticipate the possibility of varied subject matter, specifically for tax purposes, which possibility diminishes any immediate certainty of the subject matter involved. Therefore, if it is possible for various kinds of market transactions, all with different tax implications, to inhere with respect to a single work of software, a more deliberate view is required. Kenyan jurisprudence has appeared to accept a broad characterisation of software-related transactions as attracting royalty payments. Recognising the obvious conceptual error in this view, other jurisdictions have drawn a clearer line between ‘copyright’ itself and ‘copyright-embodying’ articles. Fundamentally antithetical tax obligations accordingly accompany this differentiation.