Data protection in Kenya: the case of the right to be forgotten

Abstract

The right to be forgotten is a data protection right that enables an individual to have personal data concerning themselves removed from the internet. Data Protection laws in Kenya are insufficient. The Data Protection Bill which was first drafted in 2008 is yet to be enacted in 2016. The internet has today become an important tool for many Kenyans that is used everyday yet there are insufficient laws to protect the data that they leave on the internet. In this paper I seek to determine whether Kenya should adopt the right to be forgotten. I examine the data protection laws in other countries to examine what a data protection right should entail. Then I look at the proposed right to be forgotten legislation and why the right to be forgotten is an important right. Finally I examine the situation in Kenya and find that there is a need for better Data Protection laws; even the right to be forgotten upon examination of the Data Protection Bill is insufficient. Not only do they not provide for the right to be forgotten or the right to erasure, it also fails to establish a regulatory authority to ensure compliance with the legislation. For these reasons I recommend that the Data Protection Bill should be amended to include the right to be forgotten and a proper regulatory authority should be set up under the Act. I also recommend that Data Protection should be a concern for the law makers who should amend the Bill and pass it.