dc.description.abstract | This study sought to evaluate the effectiveness of domestic data protection laws in African
countries, with a particular concentration on the recently gazetted Data Protection Law in
Kenya, typically referred to as the Kenya Data Protection Act, 2019. The study aimed at
achieving three specific objectives namely, establishing whether the domestic data protection
law in Kenya was enforceable, to evaluate whether the domestic data protection law in Kenya
conformed to international standards and to explore techniques that could be employed to
strengthen the domestic data protection law in Kenya. The study was explanatory in nature
because effectiveness of domestic data protection laws in African countries and particularly in
Kenya, is still a new concept and has not been adequately explained by previous studies that
the researcher was able to evaluate. The researcher settled on Nairobi County as the study area,
specifically narrowing down the study area to the Nairobi Central Business District, which was
home to the key target population that included policy makers, Internet Service Providers
(ISPs) and internet users, as at the time the study was being carried out. Basically, the sample
size was made up of Members of the National ICT Steering Committee, Members of the top
ten ICT companies in Nairobi, members of the main internet distributors in Nairobi, and the
Ministry of ICT in Nairobi County. A structured questionnaire with a mix of open-ended
questions as well as closed ended questions was used and complemented by an interview guide.
For the purpose of data analysis, the study employed descriptive as well as inferential statistics.
Based on findings from the study, it was evident that Kenya's domestic data protection
legislation is enforceable and can be properly implemented if a significant number of Kenyans
are educated on best practices to be adhered to when handling personal data, including data
processing and data protection, and if all relevant stakeholders were actively involved in the
process of developing a roadmap for implementation of these laws. The study also found that
Kenya's domestic data protection law, that was enacted in 2019 is largely influenced by the
General Data Protection Regulation (GDPR) that was adopted by member states of the
European Union (EU) in 2016 and currently stands as the gold standard in data protection
regulations. The results also show that the Kenya Data Protection Act of 2019, is a thorough
data protection law that safeguards individuals' personal data. The researcher was also able to
establish that the African Union (AU) Convention on Cyber Security and Personal Data
Protection, a treaty developed by member states of the AU to facilitate a unified approach to
addressing cyber security and data protection for African states, has only been ratified by a
very small number of African nations (seven as at the time of this study), with Kenya among
the 48 countries in the AU yet to ratify the treaty. The researcher therefore came to the
conclusion that data protection cannot be the responsibility of a single sovereign state, single
international agreement, or single global treaty, and that Africa's or Kenya's success in
safeguarding personal data of its citizens can only be ensured through one unified AU authority,
such as adoption of the AU Convention on Cyber Security and Personal Data Protection, which
cooperates with other international authorities like the GDPR in the EU. As part of the
recommendations of this study, it would be prudent for policymakers, lawmakers, and all other
key industry stakeholders to raise public knowledge about the Personal Data Protection Act of
2019, and to compare it to the worldwide best practices such as the GDPR to create a unified
and simple regulatory framework. Overall, the findings support the liberalism theory, which is
based on the idea that cooperation among states, as well as between states and non-state actors,
can and should be anchored, organized and formalized in institutions, thereby promoting
cooperation and conformity to predetermined agreements without the need for a hegemonic
player. | en_US |