Protection of data sovereignty and cybersecurity: a study of cross-border data transfer regulations in Kenya

Abstract

As the global economy digitizes, data flow across borders becomes vital for trade, communication, and innovation. However, this brings challenges in privacy, cybersecurity, and regulation. In Kenya, cross-border data transfer regulations like the Data Protection Act, its accompanying Kenya Subsidiary Legislation, 2021 and the Computer Misuse and Cybercrimes Act aim to address these issues and protect privacy rights. Yet, their effectiveness remains uncertain, amid concerns about data sovereignty, jurisdictional conflicts, and rapid technological change. This study examines the adequacy of these regulations, using a doctrinal research approach. Through legal analysis and policy evaluation, it explores the regulatory landscape, identifies challenges, and assesses implications for businesses, government, and individuals. The study aims to highlight strengths and weaknesses, inform policy reforms, and contribute to the discourse on data governance and digital rights in Kenya and globally. By shedding light on cross-border data transfer regulations in Kenya, this research advances understanding of data governance dynamics in the digital age. It emphasizes the need to balance privacy protection, cybersecurity, and regulatory flexibility to foster innovation, economic growth, and social progress in Kenya and beyond.