KICTANet with support from the Slovak Agency for International Development Cooperation (SAIDC) convened a thought leadership roundtable discussion on 26 June 2024, dubbed “Policy Dialogue on Cybersecurity and Data Protection in Kenya.”
Dr Grace Githaiga, Convenor KICTANet highlighted the importance of striking a balance between cybersecurity and digital rights in Kenya’s digital landscape, cybersecurity challenges, and the review of the Computer Misuse and Cyber Crimes Act.
She noted that the country has witnessed a remarkable digital revolution, driven by mobile technologies, innovations and the Internet’s transformative power.
However, despite progress, cybersecurity challenges persist citing threats that have led to data breaches and financial losses; many individuals lack awareness about cybersecurity best practices; a shortage of skilled cybersecurity professionals hinders effective defence and regulatory frameworks that need continuous adaptation to address emerging threats.
The discussion focused on the upcoming fifth anniversary of the Computer Misuse and Cyber Crimes (CMC) Act 2018 and the need to assess its effectiveness and consider potential amendments to ensure its continued relevance in the face of rapidly evolving technologies like artificial intelligence (AI) and generative AI.
Areas related to the CMC Act that were discussed include:
- Scope and Provisions: Participants explored potential gaps and areas of concern within the Act and discussed how advancements in technology might impact its effectiveness.
- Implementation and Enforcement: Challenges hindering effective implementation and enforcement were discussed, along with the potential lack of awareness or understanding among relevant stakeholders.
- Impact on Digital Rights and Civil Liberties: The discussion addressed concerns about potential negative impacts on online content, freedom of expression, and the use of surveillance technologies. Participants explored the need for safeguards to prevent misuse of the Act for suppressing dissent.
- Balancing Cybersecurity and Freedoms: A central theme was the need to find a balance between cybersecurity measures and the fundamental rights enshrined in the 2010 Kenyan Constitution. Participants explored ways to foster innovation without compromising cybersecurity.
- International Cooperation: The importance of collaboration with other countries in information exchange, sharing best practices, and capacity building for cybersecurity was recognized.
Ms Charlotte Marie Matusova, Deputy Head of Mission/Consul of Slovakia in Kenya, expressed interest in collaborating with Kenyan experts on cybersecurity issues.
The National Computer and Cybercrimes Coordination Committee (NC4), acknowledged the need for improved awareness raising but emphasised their ongoing efforts. NC4 also mentioned plans for a strategic review of the CMC Act and potential membership in the Budapest Convention on Cybercrime.
Looking Beyond – The Estonian Example
The roundtable also explored Estonia’s successful approach to digital transformation and data privacy, highlighting key aspects like digital identity with citizen control, efficient transportation services through digital infrastructure, and robust information security pillars focused on confidentiality, availability, and integrity. The discussion also focused on Estonia’s approach to citizen data control and privacy, including notification systems for data access and the “once-only principle” that minimises data collection.
Key Takeaways from the Discussion
The roundtable discussions proposed:
- A need for robust legal frameworks and data protection compliance for digital initiatives like digital IDs.
- The importance of multi-stakeholder conversations to balance national security needs with individual privacy concerns.
- The critical role of legal oversight and established guardrails for the use of surveillance technologies.
- The importance of basic cybersecurity solutions and hygiene practices, coupled with knowledge dissemination through partnerships.
- A need to encourage responsible vulnerability disclosure programs and foster a culture of collaboration in cybersecurity.