The Computer Misuse and Cybercrimes Act Judgment: A Digest


By Abdulmalik Sugow and Jaaziyah Satar

Snapshot of the judgement

Issue Finding of the court
That the two-thirds gender
rule would not be met in the
National Computer and
Cybercrimes Co-ordination
Committee created under
the Act  
The challenge was premature as the
Committee is yet to be constituted.
Offences of false publication,
child pornography, cyber
harassment, cybersquatting
and wrongful distribution of
obscene or intimate images
were a limitation of
freedom of expression
Freedom of expression may be validly
limited in the public interest, to
preserve rights/reputations of others
and in accordance with the
In this case it was and also validly
limited in creating the offences
(of cyber harassment, squatting and
wrongful distribution of intimate
Section 24 criminalises child
pornography but omits the
word ‘child’. The provision
also used subjective terms
such as ‘erotic’, ‘lewd’, or
‘designed to arouse sexual
interest’ that had not been
The court took the contextual view
that pornography as defined is focused
on criminalisation of child pornography as stated in the marginal notes. The definition of pornography as such, needed not be definite as the matter is subjective.  
Absence of mens rea in some
of the offences e.g
unauthorised interference
was contrary to the
Constitution as it could result
in prosecution of innocent
The nature of the offences were
computer integrity crimes and the mens rea could be gleaned from the wording
of the provisions. Use of the words
‘intentional’, ‘unlawful’, ‘willful’ all
connote mens rea.  
Granting of powers to obtain search warrants, make
preservation orders and
intercept information to the
police were an improper
limitation of the Right to
The powers were not unchecked and
contained safeguards. Further, nature of cyber offences justified expanding the
tools available to officers.    
Amendment of the Bill during the Committee of the Whole (after it had already been subjected to public participation) denied members of the public opportunity to give input on the new issues The Petitioner read the Standing Order selectively and failed to identify any amendments after the fact that expanded the scope of the Bill. The cou-rt deferred to Parliament to regulate its own internal affairs citing the principle of separation of powers.


On 16th May 2018, the President of Kenya assented to the Computer Misuse and Cybercrimes Act (‘the Act’). Its objective is to provide for offences relating to computer systems, enabling among other things, prompt detection and prosecution of computer and cybercrimes. The Act among other things criminalises fake news as well as publication of false information. Shortly after its enactment, the Bloggers Association of Kenya (BAKE), challenged its constitutionality before the High Court of Kenya, resulting in the suspension of 26 sections pending the hearing and determination of the suit. The grounds of the petition was the limitation of various fundamental freedoms by provisions of the Act. On 20th February 2020, Justice Makau gave the final judgment that upheld, in entirety, the constitutionality of the Act. In this blog post, we discuss the highlights of this judgement.

The court addressed five substantive issues:

Continue reading

Digital surveillance in health emergencies



Icons made by Freepik from

By Grace Mutung’u Dr Isaac Rutenberg

Like many of her African counterparts, Kenya faces unique challenges and opportunities in battling the Coronavirus. Due to high unemployment, many people survive on income from casual and informal employment. Such income is unpredictable, and many people in this situation have no significant savings or other buffers against periods when work is scarce. It may therefore not be practical to put major cities and towns on complete lockdown without inviting potentially unmanageable social problems. Indeed, it has so far proven difficult to close open air markets or stop (the privately owned) public service vehicles from operating. To highlight these challenges, Journalist James Smart used social media to show the difficult balance that is the life of informal traders who now have to stretch their meagre earnings to cover their daily needs, after the middle class to whom they supply their labour retreated to social distancing.

The reality of rural urban migration is that many who come to Nairobi and other town centres in search of work never really settle in the towns. Their souls are rooted in their upcountry homes, as Joe Mopero’s classic hit Naona heri nirudi nyumbani, kwa baba na mama nikawasaidie (“I’ve decided to go back to my father’s and mother’s house, to help”)reminds us. At the slightest sight of insecurity, such as the lack of income brought about by Kenya’s partial lockdown, many city dwellers will travel back home to wait it out. This, of course, presents the greatest means of spreading the Coronavirus throughout the country, and government officials have been begging people to resist from taking that trip to the countryside.

Continue reading

The Draft Registration of Persons (NIIMS) Regulations 2020


, ,

Icons made by Payungkead from

By Beatrice Mungai

Following the judgement in the case of Nubian Rights Forum & 2 others v Attorney General & 9 others (Huduma Namba case), the Ministry of Interior and Coordination of National Government released the draft Registration of Persons (NIIMS) regulations. The draft Regulation intends to operationalize Section 9A of the Registration of Persons Act that establishes the National Integrated Information Management System (NIIMS). The court ordered that the government is at liberty to proceed with the implementation of NIIMS but on the condition that an appropriate comprehensive legal framework is first enacted.[1]

This blogpost gives a brief overview of the draft regulations and comments on further issues that the regulations should consider in view of the Huduma Namba Judgement.

Comment on the Draft NIIMS Regulations


The first of the draft regulation deals with definition of terms and its scope of application. Whereas the part gives a distinction between huduma card and huduma namba, as well as between functional and foundational data, it fails to define several key terms.

The regulations uses “agency” but fail to specify whether this refers only to public agencies. It is also not clear if the regulations also apply to private agencies carrying out authentication using Huduma Namba. The term “biographic data” also needs to be defined so as to specify what kind of data falls under this category, especially since the processing of data may infringe on privacy. Hence the need t have clarity on the exact data types that may be collected. The regulations should also elaborate on what “multipurpose” means so as to provide a clear limit on the purposes for use of Huduma Namba.

Continue reading




Icons made by surang from

By Florence A. Ogonjo

The Government of Kenya through the Ministry of Information Technology recently published draft regulations, the Data Protection (Civil Registrations) Regulations 2020 and called for a public participation hearing on 27th February 2020 at KICC, welcoming oral submissions and comments to the draft regulations.

The regulations are divided into six parts covering respectively; Preliminary, Data Protection Principles, Rights of the data subject, Obligations of the civil registration entity, Security Safeguards, and Miscellaneous provisions.

CIPIT took part in the public hearing sessions and took note of debates arising from the process as discussed below. Data Protection Principles

Ensuring that legal frameworks on data protection meet the objective of protecting the collection, processing, and storage of personal data requires that the frameworks are structured to adhere to the principles of data protection. The regulation has focused on two principles – consent and security safeguards, inadequately addressing other core principles on purpose limitation, storage limitation, adequacy, and data transfer.

In order to avoid abuse, there is need for clarity on all the principles. The principles give effect to the rights of a data subject. Abiding by these principles not only guarantees the right to privacy but also legally justifies the processing of personal data in a manner that respects the rule of law.

Processing of Personal Data relating to children.

Children are less aware of the risk involved in the processing of their personal data and therefore merit specific protection when their data is collected and used. Consideration must be given to clarity on privacy notices, reliance on direct consent of a child, the competence of the child in understanding what they are agreeing to, identification of risks and consequences of the processing and the implementation of age-appropriate safeguards.

Continue reading

Innovation in Kenya: Why Corporations in Kenya/ Kenyan Corporations Should Engage with the Patent System.



Image from Google Images

By Mercy King’ori

Typically, corporations more than individual inventors, are known to spearhead inventions and make use of the patent system as a tool of protection. In fact, statistics on patent applications and grants indicate that most patenting activity is done by companies more than individuals.[1] Nevertheless, the situation is not uniform throughout the world. According to a study interrogating whether patents and utility models encourage innovation in Kenya, it showed that the number of individual inventors applying and receiving patents is more than corporations.[2] However, despite more individuals applying and receiving patents, the number of patents is still low and there is a high rate of abandonment of patents.[3]  The study reveals that more individuals were granted utility model certificates than corporations. Additionally, it reveals that despite corporations having fewer patents in Kenya, there is still inventive work happening in the companies.

To anyone who has interacted with news of innovation levels in Kenya, this might come as a surprise since Kenya has been and continues to be hailed as a hub of innovation. Infact, the Global Innovation Index (GII), continuously ranks Kenya among the highest of the African countries.[4] This is despite the mentioned low number of patents. However, this can be attributed to the fact that the level of innovation in a country is not measured by the level of patenting activity only.[5] The 2019 GII indicated that there are other indicators of innovation in a country such as the amount of venture capital deals in a country, level of high technology imports, mobile app downloads and political and operational stability among other indicators.[6] According to GII, patent applications is just one of the sub- indicators under the sub-pillar of knowledge creation which is under the larger pillar of “knowledge and technology outputs”.[7] The GII uses uniform indicators to rank all the countries. For example, under the sub-pillar of knowledge creation where patent applications fall, it shows that Kenya ranks as number 72 out of the 130 countries.[8]

Continue reading




By Grace Mutung’u and Jaaziyah Satar

Kenya introduced digital ID vide an amendment to the Registration of Persons Act in December 2018. The amendment introduced  the National Integrated Identity Management System (NIIMS) that centralises all government identity systems, popularly known as Huduma Namba (Swahili for service number).  CIPIT has discussed the Huduma Namba in previous blog posts.  In Janiary 2019, three petitions opposing NIIMS were lodged. Interim orders that partially permitted the NIIMS project were issued in April. The petitions were heard in September of 2019.  Judgement was delivered on the 30thof January 2020. 

Grounds for the petition 

The petitions were grounded on several constitutional issues among them: that NIIMS perpetuated discrimination against groups like Nubians (the first petititoner) who undergo different administrative processes when seeking national identity documents. As the process involves security vetting, groups such Nubians would therefore be profiled during the vetting. Another ground was the procedure used to enact the Bill as it did not go through the Senate. Petitioners also argued that the Bill was unconstitutional as the omnibus style (collation of several bills into one) prevented the public from adequately engaging with the Bill.Finally, petitioners also protested that the amendment was a violation of the right to privacy, due to the intrusive nature of data that was to be collected. 

Summary of issues 

The court determined that there were three main issues for determination: the legislative procedure, the right to privacy and right to equality and non-discrimination. 

1.Legislative procedure

  1. Whether there was Public Participation

The petitioners argued that the public was generally unaware of  the Bill and the time provided for public participation was very limited, the notice in the newspaper having only provided for 7 days. The respondents countered that there had been a sufficient amount of time provided to the public to provide their feedback on the amendments made to the Bill from the time it was gazetted.  

Continue reading




Icons made by Darius Dan from

By Godana Galma


At the dawn of the new decade, perhaps the most anticipated technological breakthrough is not the progress of autonomous vehicles or the onset of smart cities but rather the evolutionary technology underpinning them. This is the Fifth Generation Mobile Network Technology commonly known as 5G.

Based on early signs, 5G promises a technological paradigm shift not only in the field of telecommunications but also in the areas of healthcare, manufacturing, transport and commerce.[1] This is because this generation of cellular broadband is designed to increase speed and substantially improve lower latency which can consequently improve the performance of real time applications.[2] The substantial jump in speed will support a number of data intensive tasks such as streaming heavy video content and instantaneous video calls amongst others. A practical example of the significant jump in speed offered by 5G is evident in tests showing that an ordinary 5GB film in High Definition can be downloaded, in ideal conditions, in about 8 seconds.[3]

Further, with improved flexibility of wireless services, 5G is poised to unleash the full potential of the ‘Internet of Things’ i.e. the system by which a variety of everyday machines connected to the web can send and receive data. This presents several benefits including the development of autonomous vehicles, augmented AI and remote medical care. In this way, the network is poised to provide an underlying fabric of unprecedented connectivity to a wide array of industries thereby transforming economic and business policies globally. At the local level, 5G rollout is expected to improve the lives of ordinary Kenyans by enhancing mobile communication facilities and improving digital literacy especially in rural areas which are predominantly under 2/3G coverage.[4]

Continue reading

Blogging and Monetization



Image from Pixabay

By Mercy King’ori

(This post forms part one of a new series on blogging and considerations that entrant bloggers face.)

Blogs have been recognised as one of the most prominent web 2.0 technologies that allow creation of user generated content.[1] Web 2.0 also known as “social computing” has been defined as “internet tools that foster collaboration and interaction”.[2] It is the web version that allows people to create their content and allow them to interact with content from others.[3] One of the most powerful features of web 2.0 is that it “empowers and generates communities with similar interests”.[4] Web 2.0 was a transition from the web that only programmers could contribute, to a web that allows anyone to participate online by publishing and sharing content.[5] A shift from “uni-directional mass media to participatory media where viewers and readers of media become the creators of the media”.[6]

The history of blogging can be traced back to the advent of the web.[7] The web was invented and implemented in 1990.[8] By this time, the internet was already operational and was mainly used by scientists, programmers and people interested in new forms of communication.[9] In 1993, the web was opened to the general public with Mosaic, the web browser that popularised the world wide web.[10] As a result of its simplicity and reliability, it facilitated a rise in personal home pages where people posted about their personal matters akin to some modern blogs.[11] However, these personal websites were not always referred to as “blogs”. Some were referred to as online personal diaries.[12] The word  “blog” came from the word “weblog” which referred to a “log of visitors that a person who administers a web server can see”.[13] However, John Barger, creator of the site “Robot Wisdom” suggested an alternative purpose of the word.[14] This alternative purpose was reflected in the title of his site “Robot Wisdom: A Weblog by John Barger”.[15] His site consisted of a list of links to other sites with no commentary.[16] As others created sites with some commentary, the term “weblogs” applied to such posts. It was Peter Merholz that shortened the term “weblog” to “blog” in 1999.[17]

Continue reading

The Anti-Counterfeit Authority Operational Overlap in Protection of Intellectual Property Rights in Goods and Services in Kenya



Image from Google images

By *Perpetua Mwangi

The fact is that there is a market for counterfeit products that has contributed to the expansion of this outlawed industry. More often than not, consumers are not able to access legitimate brands because on one hand, they are misled by counterfeiters and on the other hand, legitimate brands are outside their means hence consumers settle for versions of the brands they desire. In fact, the market for counterfeit products is vast and readily accessible, occasioning unfair competition.

During past Jamhuri Day Celebrations, the Head of State issued an executive order to investigate intellectual property (IP) infringement and destroy counterfeits on sight. He reiterated that counterfeits are a major impediment to the growth of the manufacturing sector, which is the first pillar among the ‘Big Four’ Agenda. This kind of political goodwill reinforces the legislative commitment in addressing intellectual property rights (IPRs) infringement.

With the explosion of technology, counterfeiters are benefiting from the digital space. Whilst, it is a logistical nightmare for law enforcement and, for brand owners seeking to protect and enforce their IP, reputation and revenue streams.


On 20th November 2019, Justice John M. Mativo of the High Court’s Judicial Review Division, delivered a judgment in Republic V. Anti-Counterfeit Agency Ex-Parte Caroline Mangala T/A Hair Works Saloon.[1] The sum effect of the judgment is that the common law right of passing off is a form of infringement of IPRs in goods and services thath amounts to counterfeiting under the Anti-Counterfeit Act.

The Applicant, Caroline Mangala, a Kenyan business lady operating a beauty shop called Hair Works Saloon (sic), sought Judicial Review Orders against the Anti-Counterfeit Authority, whose officers seized beauty products by the brand Makari De Suisse on the basis that they were counterfeit.  The crux of her application was that the seizure was unfair, illegal and tainted by bad faith considering that she had submitted samples of the same products to the Kenya Bureau of Standards (KEBS) to ascertain whether they were counterfeit or not, to which KEBS confirmed the product being of acceptable standard. The application occasioned chance for the court to address intellectual property issues as below.

  1. IP Considerations in Anti-Counterfeit Regulations

JO Global Venture Limited allegedly agents of M/s Victoria Albi Incorporated and alleged owners of the trademark Makari De Suisse filed a complaint with the Anti-Counterfeit Authority (ACA) alleging trademark infringement. As a general rule, for one to pursue complaints in IP Regulations, registration is a key starting point on issues of locus.

In fact, Section 5 of the Trade Marks’ Act precludes parties from seeking redress for a trademark violation, unless that mark is registered. The Applicant argued that the Complainant was not a registered owner of the mark Makari De Suisse in Kenya under the provisions of the Trade Marks’ Act, even though an application had been lodged and still pending examination at the Registrar of Trade Marks. The Applicant’s main argument was that the Complainant did not have a duly registered trade mark in existence capable of laying a basis to lodge a complaint for infringement.

Among other legal issues, the Court considered the correlation between counterfeiting and standardization of goods. Though standardization of products is a mandate of KEBS, it does not oust the mandate of ACA in curbing counterfeiting. The Court agreed that there are times when goods will be substandard but not counterfeit, or counterfeit but not substandard or both counterfeit and substandard. [2]

In PAO & 2 Others v Attorney General[3] the Court held that the test as to whether goods are counterfeit lies in Section 2 of the Anti-Counterfeit Act.  Therefore, even in cases where products have passed the required standards after laboratory tests by KEBS, the ACA may still pursue issues of counterfeit, especially to ensure that there is no IP violation, whether under the Trade Marks’ Act or in common law.

  1. Presumption of IPR Ownership

Section 26(5) of the Anti-Counterfeit Act, provides that where the subsistence of IPRs in respect of suspected counterfeit goods or the title or interest in IPRs is in issue, the complainant shall be presumed to be the owner of the copyright or the related right, until the contrary is proved.

Therefore, an interpretation of the foregoing provision reveals that to file a complaint at ACA on the basis of IP rights violation, one does not need to prove registration of the same mark. This is unlike the requirement to prove registration under Section 5 of the Trademarks Act.  

This means that the ACA in dealing with counterfeiting also enforces protection of IPRs, which is an overlap to the provisions under the Trade Marks’ Act.  Essentially, counterfeiting includes making any goods that are imitations of protected goods without the authority of the owner of the IPR.

  1. Fate of unregistered IPRs

As a rule of thumb, there is need for every IP owner to take necessary steps to ensure that their rights are legally enforceable. Registration offers one way of proving the existence and ownership of the rights at any one given time. Failure to register IPRs often leaves room for infringement and consequently, unnecessary and lengthy litigation.

That notwithstanding, there is a doctrine of “common law Trademarks’’, as held in Capital Estate and General Agencies (Pty) Ltd & others v Holiday Inns Inc. & others.[4]This doctrine is to the effect that, the fact that in a particular case there is no protection by way of patent, copyright or registered design, does not license a trader to carry on his business in unfair competition with rivals. Therefore, though subject to several disputes and arguments, one cannot purport to unfairly utilize another’s intellectual property rights on the basis that they have not been registered.

The common law tort of passing off can be used to enforce unregistered trademark rights. One only needs to satisfy the “Classic Trinity-reputation and goodwill, misrepresentation, and damages“ as established in Reckitt & Colman Ltd v Borden Inc. (Jif Lemon case)[5].

  1. Conclusion

The effect of the recent judgment is that there is now a mixed approach in enforcement of IPRs. A quick glance at the mood set in the judgment reveals the possibility of multiagency regulation and coordination in enforcement of IPRs. The ACA and KIPI can collaborate to ensure that no one benefits from other people’s IPRs unfairly.

Protection of IPRs is not only guaranteed by mainstream Intellectual Property Regulation Instruments like the Trade Marks’ Act but also the Anti- Counterfeit laws in Kenya as interpreted by Justice Mativo. The Anti-Counterfeit Authority has a mandate to ensure protection of IPRs. The mandate is exercised whether the IPR is registered or not owing to the presumption of ownership by the complainant. Once the presumption is questioned, there is an avenue for separate proceedings, either before the Courts or before the Registrar of Trade Marks’ to make a determination as to ownership.

*Ms Perpetua Mwangi is the Head of the Intellectual Property Division at Simba and Simba Advocates. 

[1] [2019] eKLR, Judicial Review No. 325 of 2018.

[2] Ibid 2 at paragraph 25

[3] [2012] eKLR

[4] 1977 (2) SA 916 (A) at 925H)

[5] [1990] 1 All E.R. 873.

The Friendly Troll and Africa Podcast Day



By Mitchel Ondili

It’s Africa podcast day and CIPIT would like to shed a spotlight on its podcast, launched late last year, The Friendly Troll.

First things first, why a troll? Why is it friendly? Why another podcast?

The Global South is often seen as an incubator for the Global North to identify and implement their solutions to our perceived problems, but not often as a case study for what the Global North can learn from us. In this vein, a podcast is born. Exploring tech dynamics in the Global South in the context of larger tech developments around the globe.

Our episodes focus on tech problems and tech solutions in an ever growing, ever dynamic digital world viewed through a prism of the Global South.

Our current episodes

Mobile Money Reversal, what can the West Learn (EP 1)

Mobile money has solved access issues in Africa that the west is only seemingly beginning to catch up to. This episode looks at these pitfalls and asks about how to address the issue of mobile money reversal. This is an issue that the West is still grappling with which has been resolved for a while in Africa, though not without its own pitfalls. For instance, while it is possible to reverse erroneous transactions, this is limited to the money still being in the recipients e-wallet, in the absence of which, action outside the mobile money platform will have to be taken.

Digital ID Double edged Sword for the Global South (EP 2)

The recent Huduma number controversy has asked important questions about digital ID, its use and benefits and, the need for it to be properly regulated in order to avoid data mishandling.

Digital ID has been linked to development, being part of SDG 16, targeting ‘legal identity for all, including birth registration’ by 2030. Building a digital identity ecosystem, particularly for developing countries will rely on private sector participants often. Control over digital ID will have to ensure that the data of individuals isn’t exploited.

In Kenya’s case this requires focus on two key areas:

  1. The regulatory framework – the Data Protection Act was passed in 2019 and recently, a High Court judgement emphasized that the Huduma number exercise must be undertaken within a proper regulatory framework calling for the legislators to take up the role of defining the framework within which digital identity is protected.
  2. Technological infrastructure – digital ID kits may need to be outsourced and this creates a need for the tech infrastructure to be as homegrown as possible and where the involvement of private sector participants or foreign governments is concerned, a stricter regulatory framework to ensure that at all times, our data is in our control.

Big Tech in the Global South (EP 3)

This episode was a foray into the emerging superpowers in tech, the US and China, and the effect that they have on developing countries. The US remains the dominant technological force on the global stage due to multiple factors of political, economic and military influence and a pervasive identity in the digital space. With that said, China is fast on its heels investing greater amounts into the Global South as part of its Belt and Road initiative which includes a digital Belt and Road.

A dominant part of China’s influence extends to the Global South, in both private sector projects as well as large scale government collaboration. This carries questions of data independence and the effect that the extended influence can have on cybersurveillance efforts.

Tech Giants and Competition Law in the Global South (EP 4)

Competition law (or antitrust as it’s known in the US) has a lot to say about how smaller tech companies can take on the giants. Tracing the origins of antitrust law, the episode looks at the telecommunication corporations in Kenya dominating the ISP space as well and what that might mean for smaller providers. Kenyan law, which is modelled after European competition law, predicates antitrust actions on dominance in the market which may allow mischief on the part of smaller ISPs.

The episode also takes a look into the ways that FACEBOOK is attempting to keep a hold on its market share, Free Basics to be specific and the lessons that Kenya can learn on how to be more wary about who they allow to access their data.

All podcast episodes are available on apple podcasts, Stitcher, Tune In + Alexa , Spotify and Google podcast