Privacy is often dismissed as a concern for those with “something to hide.” Yet in Kenya today, the right to privacy guaranteed under Article 31 of the 2010 Constitution is under unprecedented strain, not because citizens are engaged in wrongdoing, but because surveillance is quietly becoming normalized.
Digital surveillance refers to the use of technology to monitor, intercept, collect, and analyze digital communications and metadata. This includes phone call records, emails, GPS locations, browsing history, biometric data, CCTV footage, and social media activity. While such measures are often justified in the name of security or efficiency, their unchecked expansion poses serious risks to human dignity, autonomy, and democratic freedoms.
Kenya’s legal framework recognizes privacy as a fundamental human right, protected not only by the Constitution but also by international standards such as the Universal Declaration of Human Rights (UDHR) and the International Covenant on Civil and Political Rights (ICCPR). The Data Protection Act, 2019, further establishes requirements for lawful, transparent, and consensual data processing. However, enforcement safeguards remain weak, and accountability mechanisms are limited.
In recent years, concerns have grown around state surveillance targeting journalists, activists, and protesters. Security agencies have allegedly monitored social media platforms, tracked online communications, and used digital tools to identify individuals involved in dissent. Telecommunications companies have faced accusations, though denied, of sharing subscriber data without sufficient judicial oversight, even as they collaborate with law enforcement in national surveillance capacity‑building initiatives.
Legislative efforts have also signaled attempts to regulate and control online spaces. The Kenya Information and Communications (Amendment) Bill, 2019, sought to license bloggers and regulate online content, raising fears of censorship. More recently, the Kenya Information and Communications (Amendment) Bill, 2025, proposed by Aldai MP Marianne Kitany, introduces provisions that may create a mass surveillance architecture under the guise of consumer protection. The Bill proposes:
- Assigning unique “internet meter numbers” to every user;
- Mandating real‑time monitoring of internet usage;
- Annual submission of extensive subscriber data (full names, national IDs, DOBs, physical addresses) to the Communications Authority of Kenya (CA);
- Mandatory age verification for social media using national IDs.
These measures risk enabling mass tracking of digital behavior and significantly expanding state surveillance powers.
Surveillance has a chilling effect. When individuals believe their communications or online activities may be monitored, they self‑censor, hesitate to organize protests, or refrain from political discussion. This undermines freedoms of expression, association, and assembly protected under Articles 33 and 37 of the Constitution, as well as Articles 19 and 20 of the UDHR.
Corporate surveillance further compounds these risks. Global technology companies such as Google, Meta, Amazon, and Apple collect vast volumes of personal data often without meaningful user consent. As Shoshana Zuboff (2019) describes, this “surveillance capitalism” turns user behavior and preferences into a monetizable resource. These data troves are highly vulnerable to misuse, breaches, and unauthorized government access, creating additional pathways for intrusion into private life.
Kenya’s situation reflects a global trend. In countries such as Egypt, Hungary, Russia, and Iran, digital surveillance systems have been deployed to suppress dissent and consolidate power. These global parallels offer a clear warning: without strong oversight, surveillance erodes trust, weakens democratic institutions, and entrenches fear.
The right to privacy is rooted in human dignity, autonomy, and freedom. While certain surveillance measures may be justified under national security imperatives, they must always be lawful, necessary, proportionate, and subject to robust oversight. Both the Data Protection Act, 2019, and frameworks such as the EU’s General Data Protection Regulation (GDPR), 2018, underscore the need for consent, transparency, and user control over personal data. Yet gaps in enforcement leave Kenyans vulnerable to government overreach and corporate exploitation.
As Kenya deepens its digital transformation, the challenge is not to choose between security and privacy. Rather, it is to ensure that technological progress does not erode fundamental rights. Privacy should never become a casualty of modernization. The expansion of surveillance, if unchecked, creates opportunities for data collection without consent, widespread tracking, and eventual self‑censorship rooted in mistrust and fear.
A rights‑respecting future requires strong legal safeguards, independent oversight, and meaningful public participation to ensure that surveillance practices do not compromise Kenya’s democratic values.
Tatyana Njenga is Amnesty International Kenya Research Officer and writes in her personal capacity. Email: [email protected]