Facebook, Twitter put on notice for Kenyans’ personal data breach

Technology giants like Twitter, Facebook and Google will soon come under government scrutiny for their handling of personal information belonging to Kenyans, the nominee for the position of Data Protection Commissioner told Parliament Wednesday.

Appearing before the National Assembly’s ICT committee for vetting, Immaculate Kassait said the multinational technology companies will be held liable for the use of data belonging to Kenya or Kenyans whether they operate locally or outside the country.


The data protection law, approved in November last year, sets out restrictions on how personally identifiable data obtained by firms and government entities can be handled, stored and shared.

The Data Protection Act 2019 gives the commissioner sweeping powers on the investigation of data breaches. These include powers of entry and search and issuing administrative fines.

“Even if they are internationally based companies and as long as they have data about Kenya, they have responsibility to adhere to laws of Kenya,” Ms Kassait, the current director of voter education at the Independent Electoral and Boundaries Commission (IEBC), said.

Facebook said in 2018 the personal information of up to 87 million users may have been improperly shared with political consultancy Cambridge Analytica.

Best known for helping Donald Trump’s presidential bid in the 2016 US elections, the London-based Cambridge Analytica was also involved in the campaigns for Kenyan President Uhuru Kenyatta in the 2013 and 2017 elections.

The Kenyan data protection law demands that a data controller or a technology firm notify the commissioner where personal records have been accessed or acquired by an unauthorised persons.

Offences under the Act attract a fine of up to Sh5 million and or imprisonment for a term not exceeding to 10 years or both.