Legal storm brews over Kenya’s cyber law as petitioners cry foul on privacy and expression
The petitioners argue that the new cybercrime law violates constitutional rights to privacy, free expression, and data protection, and was passed without proper public participation or Senate approval.
A petition has been filed in the High Court challenging the constitutionality of the Computer Misuse and Cybercrimes (Amendment) Act, 2024, which President William Ruto signed into law on October 24, 2025.
The petition, lodged by Reuben Kigame Lichete and the Kenya Human Rights Commission (KHRC), claims that the new law violates several constitutional rights, including the right to privacy, freedom of expression, and data protection.
More To Read
- Pressure mounts on Kenya to permit visit by UN special rapporteur
- KNCHR launches advisory on situation of human rights defenders in Kenya
- National Assembly clears Claris Awuor Ogangah to head KNCHR
- TIFA survey: UDA most popular party at 16 per cent, ODM second with 13 per cent
- Families of 21 boys killed in Hillside dorm fire sue state and school for negligence, cite violation of right to life
- Kenya Kwanza under fire: Civil groups decry killings, graft and constitutional violations
The Attorney General and the Speaker of the National Assembly have been named as respondents, while the Kenya Union of Journalists (KUJ), Media Council of Kenya, Law Society of Kenya (LSK), and the Data Protection Commissioner have been listed as interested parties.
'Vague and overbroad provisions'
According to the petitioners, the amendments introduce “vague and overbroad provisions” that infringe on fundamental freedoms guaranteed under Articles 31, 33, 35, and 47 of the Constitution.
They particularly take issue with the law’s requirement for mandatory verification of all social media accounts, arguing that it unlawfully compels citizens to disclose personal identifiers and legal names — a move they say infringes the right to privacy and violates data minimisation principles under the Data Protection Act, 2019.
The petition also contends that the amendment compromises the independence of the Office of the Data Protection Commissioner (ODPC) by creating overlapping and conflicting data collection and oversight frameworks.
In addition, the petitioners challenge the legislative process, claiming that Parliament passed the Bill without sufficient public participation. They argue it should have been treated as a Bill concerning county governments under Article 110(1) of the Constitution.
Failure to secure the Senate’s concurrence, they argue, “rendered the entire enactment procedurally defective.”
Through Mutuma Gichuru & Associates Advocates, the petitioners are asking the court to nullify the amendments and reaffirm that the Data Protection Act, 2019, remains the country’s primary legal framework governing personal data.
The case has been referred to the Constitutional and Human Rights Division of the High Court for directions.
Top Stories Today
