We are currently recruiting for a number of exciting positions. Learn more

Data policing proves a complex affair

As the ability to collect and interpret data grows, companies are finding new routes to market innovating products and services and becoming more adept at navigating challenges in a competitive environment. But as the data mountain grows, regulators are also responding to the need to protect consumers and police its use.

Surging innovation is therefore likely to be met by an increasingly complex regulatory landscape, which firms will need to navigate with equal alacrity. The development of data science and data mining technology has driven an evolving debate on protection and privacy, which has increasingly translated into legislation.

In 2016, the European Union approved the General Data Protection Regulation (GDPR), marking a sea change in the global private data protection regime. According to United Nations Conference on Trade and Development, 107 countries have similar legislation on private data.


In Africa however, less than 40 per cent of all countries have such laws. That has allowed innovation to flourish in the digital space, but is also creating vulnerabilities, given rising cybercrime and inadequate protection systems.

Data is complex, and many governments are still struggling to understand, define and make sense of how it will shape their economies; hence, regulation is limited. Open access has allowed more efficient and innovation-led business models to evolve, better targeting consumer needs and tendencies, increased inclusion and access to financial or other services.

Apart from this developmental dividend, the relatively light-touch regulatory approach to data management has also increased the extent to which data can be used to support policy advocacy and associated positive development outcomes.


Yet data usage also has its darker side. The Cambridge Analytica scandal in 2017 exposed how East and West African countries are vulnerable to data-driven election manipulation with significant repercussions.

The perceived breach of people’s data privacy caused a tumult in the Kenyan and Nigerian political arenas.

Kenyan policymakers promptly drafted the Data Protection Bill in 2018, which sets out the regulatory parameters for data collection, retrieval and storage. It also defines what personal data constitutes.

Should the bill be passed, it will give effect to Article 31(c) of the Constitution, which outlines the right not to have “information relating to their family or private affairs unnecessarily required or revealed”, and Article 31(d), the right not to have “the privacy of their communications infringed”.


Progress has been slow, however. Public hearings are ongoing with opposition from digital businesses, which might be subject to licensing fees or face constraints to their data-driven business models.

As Kenya prepares for its 2022 General Election and, potentially, a referendum before then, the passing of the bill could become even more pertinent.

It could provide clearer parameters for how companies put in place processes and infrastructure to protect data while also placing constraints on what data can be kept and how it can be used — an important dynamic as relates to targeted online electoral campaigning.

Analysts have questioned whether personal data protection is a priority for Africans, citing tendencies to mimic others rather than the develop context-specific solutions.

But governments remain responsible for creating awareness for citizens on their susceptibility to breaches.


With the numerous, overlapping protection concerns, it is difficult to define priority areas for legislation.

ePrivacy Regulation, which is targeted at advertising companies and consumer privacy laws, may be what Kenya needs as a starting point as it focuses on general data protection.

Big Data can provide huge opportunities for businesses seeking to provide goods and services to African citizens as well as in create solutions to some of the most enduring development problems in the continent.

Over 90 per cent of the world’s data was created in the past two years, and global data is projected to grow by 40 per cent annually.

The wider availability of information might thus constitute one of the solutions to some pressing humanitarian problems and present a key tool to achieving the Sustainable Development Goals by 2030.

Little wonder, then, that the bill has attracted much attention. Enabling innovation and constructive use of data and protecting citizens from breaches or cybercrime linked to weak data laws are not mutually exclusive, they represent the fine balancing act the government has to navigate as Kenya enters a new era in data use and control.

Joslyne Muthoni is an associate consultant at Africa Practice. She can be contacted at [email protected]

Subscribe to our newsletter

Get our weekly take on the latest from across the continent – from politics and business, to culture and sport – straight to your inbox