Icons made by Icon Pond from www.flaticon.com

In heavily mechanized and science-driven agriculture, on the one hand, it is assumed persons, mostly seed companies of an international pedigree, who breed, develop or discover a seed or a plant variety[1] are producers while farmers are deemed to be consumers of plant breeders’ products through buying the seeds and planting the protected plant varieties. This dichotomy disregards the quintessential role of farmers from time immemorial to save, use, exchange and sell farm-saved seed/propagating material in order to promote agrobiodiversity and food security and nutrition.

Continue reading

Regulation of Collective Management Organisations in Kenya: Understanding the Law as-is

Icons made by prettycons from www.flaticon.com is licensed by CC 3.0 BY

By Caroline Wanjiru*

From our previous post, we have described the various Collective Management Organizations’ (CMO’s) in Kenya. Briefly, CMOs are not-for-profit membership entities authorized by Kenya Copyright Board (KECOBO) to carry out the business of copyright collection on behalf of their members. Their operations of the CMO’s are regulated by the Members, KECOBO and Law.

Continue reading

The Collective Management Organisations in Kenya’s Creative Market

Icons made by Freepik from www.flaticon.com licensed by CC 3.0 BY

As part of CIPIT’s daily interactions with creatives, the Centre is embarking on an Intellectual Property explainer series. Tailor-made for creators. No legalese, no jargon. Just practical information. The main focus of these blogs is the various Collective Management Organisations (CMO’s) that operate in Kenya. In this blog, Cynthia Nzuki, introduces what CMO’s are, what they do and whether they are effectively and efficiently managing copyright on behalf of their members.

By Cynthia Nzuki*

Collective Management Organizations (CMOs) are private not-for-profit entities licensed to collect and distribute royalties for and among its members. In Kenya, there are presently five main CMO’s licensed by the Kenya Copyright Board (KECOBO), as mandated by the Copyright Act of Kenya. They are:

  • The Reproduction Rights Society of Kenya (KOPIKEN),
  • Kenya Association of Music Producers (KAMP),
  • Music Copyright Society of Kenya (MCSK) (license here), and
  • The Performers Rights Society of Kenya (PRiSK) (joint license here).[1]

Over the years, these organizations have received a lot of criticism for alleged misappropriation and unscrupulous handling of their members’ revenue; some more than others.

Continue reading

Purpose Limitation and Data Minimization in the 2019 Data Protection Bill

Icons made by Freepik from www.flaticon.com is licensed by CC 3.0 BY

By Alex Gatawa*

The following post is the second of CIPIT’s analysis of the data protection principles provided for under section 25 of the Data Protection Bill. This post focuses on Section 25 (c) & 25 (d) of the Bill which provides for the processing of personal data collected should be for an explicit, specific and legitimate purpose and that the personal data should be adequate, relevant, limited to the purposes.

As was pointed out in the previous blog, available here, the central objective of the Data Protection Bill is to give effect to the Right to Privacy enshrined in Article 31 of the Constitution. Over and above this objective the preamble of the Bill provides other objectives of the Bill. It states that the Bill is to make provision for the regulation of the processing of personal data, provide for the rights of data subjects and impose obligations on the data controller and processors.   

In order to ensure that the objectives of the Bill, in particular, the regulation of the processing of personal data, are catered for, the Bill contains several provisions which help facilitate the achievement of these objectives. One such provision is Section 25 which contains the data protection principles, this blog will focus on the principles of purpose limitation and data minimisation provided for in section 25(c) & 25(d).

Continue reading


Icons made by Flat Icons from www.flaticon.com is licensed by CC 3.0 BY

By Jackie Akello and Jaaziyah Satar.

Kenya is set to have its sixth census since independence beginning on the night of 24th August 2019. The 2019 census exercise will mark the first census to be conducted since the promulgation of the 2010 Constitution.[1]

A census is the total process of collecting, compiling, evaluating, analyzing, and publishing demographic, social, and/or economic data at a specified time, pertaining to all persons in a country or a well-defined part of a country.[2] Section 2 of the Statistics Act[3] defines it as a statistical operation in which all units of the population of interest are enumerated[4]. The census exercise generally entails the counting of all people in a country at a specified time.

Continue reading

Privacy expanded: What is the right to privacy, as required in the Data Protection Bill?

Icons made by Freepik from”https://www.flaticon.com/”

This is the first in a series of blogs where the CIPIT team analyses the principles of data protection as provided in Section 25 of the Data Protection Bill, 2019. This edition by Charles Lwanga Opiyo tackles sections 25 (a) and (b) of the Bill, which provide for the processing of data in accordance to the right of privacy, and processing data in a lawful, fair and transparent manner respectively. In this analysis, sections of the Bill that reflect the principles in 25 (a) and (b) are reviewed as well…

The central objective in the Data Protection Bill, 2019 (the Bill) is to give effect to the right to privacy (Article 31 of the Constitution of Kenya 2010), as is explicitly stated in the preambular section of the Bill. Section 25 (a) of the Bill reiterates the constitutional right to privacy in the context of data protection, stating that data controllers and processors shall ensure that personal data is processed “in accordance with the right to privacy of the data subject”. This article seeks to unpack the concept of privacy in the Kenyan Constitutional context and analyze how the same concept is reflected in the Bill. The Constitution shall be the test upon which the provisions of the Bill are reviewed.

The provisions of Section 25 (b) – i.e., that data be processed lawfully, fairly, and in a transparent manner – are also discussed in this post because of their intimate connection with the right to privacy.

It is also understood that principles in the Bill are similar to Europe’s General Data Protection Regulations (GDPR). This article will highlight such similarities.

Continue reading

Defining a Digital Right to Access

Man denied access to information on computer Credit: agefotostock.com

A guest post by Jaaziyah Satar

The implementation of the right to access information has been a topic of conversation as early as the 18th century. Sweden became the first country in Europe to do so (implement right to access).  Anders Chydenius’ believed that democracy and workers’ rights were crucial to the economic growth of a state and urged that freedom of press and information is a vital right that should be accessible to all citizens; the English parliament also recognized the need and importance of abolishing political censorship in the 17th century. Eventually India, being the first non-European country, followed suit in the 20th century by incorporating the right to information into their own laws (known as the Right To Information Act).

Continue reading

Public Participation and Data Protection

Last year, CIPIT hosted a series of public participation fora over three months in response to a request for comment on a proposed Data Protection Bill originating from the Senate (the “Senate Bill”) and a similar policy that was formulated by the ICT Ministry (the “Ministry Bill”). The CIPIT events preceded a public participation event with a variety of stakeholders, held at the Louis Leakey Auditorium before the Privacy and Data Protection Taskforce on 5 October 2018.

The CIPIT events generated a great deal of discussion and informative content from the participants who consisted of stakeholders involved in the processing of data. The information collated during these events represented the varying positions and views held by participants and was synthesized into a cohesive set of documents that were presented during a meeting with the task force on 26 September 2018.

The legislative process is now at a crucial juncture, the Data Protection Bill is in the committee phase in the National Assembly. On Tuesday 16 July 2019, the Parliamentary Departmental Committee on Communication, Information and Innovation accepted Memoranda from the public on the 2019 Data Protection Bill.

Continue reading

The 2019 Data Protection Bill: A step in the right direction?

By Grace Bomu*

CIPIT welcomes the publication of the Data Protection Bill by Kenya’s National Assembly. The center has been involved in policy development for the digital economy in Kenya and Africa at large. In 2014, CIPIT gave input to the African Union Convention on Cybersecurity and Personal Data Protection, emphasizing on the need to protect and promote the right to privacy. Since then, there has been massive development in the data economy in both the public and private sector. CIPIT has previously recommended a comprehensive data protection framework for Kenya.

The Centre has reviewed the proposed law and submitted comments to the Clerk of the National Assembly. From our interaction with micro, small and medium enterprises (MSMEs) in the digital space, we have observed that these entities work in extremely different circumstances from traditional enterprises. Some of them are one-person operations that outsource services such as accounting on a need basis. It would be difficult for them to comply with the registration requirements, compared to larger entities that have dedicated compliance departments. We, therefore, propose that as the Bill requires registration of data processors and controllers, the data protection framework be tiered, and that consideration be given to the type of data being handled by data processors and controllers.

Continue reading

What Does a Data Protection Law Mean for the B2C Relationship? Exploring a possible Life-Cyle.

Data protection is definitely in vogue in Africa. This may be a response to the economic potential of having robust data protection safeguards, and the fear of being left behind by other states that have implemented such laws.

The intricacies involved in establishing a functioning data protection regime, mandate Kenya’s legislators to comprehend the full gamut of parties involved in the data life-cycle, and accruing rights and duties.

What is the data life-cycle? A report by the Centre for International Private Enterprise (CIPE) defines it as the four stages data goes through, from initial collection to disposal. These stages are data collection and processing, storage, transfer, and disposal.

Why is it important? Regulation should adequately modulate the actions of various persons in the data cycle and the processes involved.

Continue reading