On March 13, the Kenyan government announced that it had reported its first Covid-19 case. Since then, a raft of measures have been put in place to curb the spread of the virus including employing enhanced surveillance mechanisms and technology to deal with the pandemic.
One of the major developments has been increased aerial surveillance along most of Kenya’s borders to prevent illegal entry of people or suspected Covid-19 patients into the country.
On March 23, the Kenyan government announced that it would launch a contact-tracing app called mSafari. All Public Service Vehicle operators and passengers will be required to provide critical data that will help trace back movements of infected or suspected cases. Public Service Vehicles, taxis and motorbike operators would be required to collect contact details of every passenger which would automatically be registered on the mSafari platform.
All PSVs, including their owners and respective saccos, will be required to enrol on the platform using their vehicle registration number. Additionally, mSafari will also track the GPS location of each vehicle involved. Such a move by the Kenyan Government will certainly raise serious privacy and data protection concerns.
Electronic and mobile phone surveillance is being used to round up people who have escaped from quarantine centers or to enforce the mandatory 14-days of quarantine rule for suspected Covid-19 patients or for those who have come into direct or indirect contact with a Covid-19 patient.
People caught not wearing masks or those who returned from abroad prior to the suspension of all air travel into and out of Kenya were forcefully placed in quarantine facilities.
Some people have claimed that they were not allowed out of the detention facilities until they pay their nightly fees for the detention despite claims by the government that they would cover the costs. Cost of detention is approximately $20 a night though some Kenyan’s have paid as much as $65 per night.
Meanwhile, the Kenya Revenue Authority has unfettered discretion to conduct surveillance for tax purposes. This follows a recent decision by the Kenyan High Court in February to dismiss a challenge brought against sections of the Tax Procedures Act by an activist who argued that certain provisions of the Kenya Revenue Authority Act infringed on taxpayers’ privacy by offering KRA full access to their dwellings, records and devices such as computers and mobile phones.
There are concerns that the tax authorities may use this power to conduct extensive surveillance.
The Kenya Human Rights Commission has serious concerns about how and what data is collected by mSafari and how it will be stored. The KHRC also believes the Kenyan government’s Covid-19 surveillance and data-based tracking interventions have been rolled out in haste, and with limited precedent and oversight mechanisms.
The KHRC is concerned with a breach of privacy rights; unlawful arrests and detention in the pretext of enforcing curfew; extortion and bribery by law enforcement agencies; use of law enforcement agencies to conduct unlawful evictions in total disregard to court orders; and police brutality.
The application of mSafari and broadly enhanced surveillance for contact tracing of Covid-19 patients or those who have come in contact with them by the Kenya government would result in a fundamental breach of numerous privacy laws such as Article 31 of the Constitution of Kenya and provisions within Kenya’s Data Protection Act 2019.
Kenya’s Data Protection Act, under section 51(2) (b), states that where data is being processed with national security or public order objectives in mind, then all data protection principles would not apply to this form of processing.
This specific provision gives the state unfettered discretion to conduct mass surveillance. Furthermore, the act fails to specifically define the scope of national security and public order.
(Labelled for non-commercial re-use)