The Centre for Intellectual Property and Technology Law (CIPIT), a research centre at the Strathmore Law School, conducted a research project to investigate the privacy implications of using biometric technology during the electoral process in Kenya. The project focused on two main questions: what are the motivations for the adoption biometric technology in the Kenyan elections and, how is privacy and security of personal data in Kenya impacted by the adoption of biometrics in the electoral system.

The research project was done at both primary and secondary research in Nairobi, Kenya before, during and after the 2017 general elections. The report seeks to contribute evidence-based research to academic, policy and advocacy engagements on population registrations, elections, data security, and privacy.

The key takeaway from the research is that Kenya’s legal landscape lacks the protections that should be demanded to safeguard Kenyans privacy and protect data. Transparency, trust and security are key when deploying biometrics and other data technologies.

The African region has adopted the use of biometric technology in political processes, i.e. the use of peoples’ physical and behavioural characteristics to authenticate claimed identity. In Kenya, after the disputed 2007 election and the attendant violence, biometric technology was adopted to be used in the next general elections.

The report by CIPIT is keen to note that the IEBC called for an audit after opposition leaders raised an alarm that they shared voter details with other Kenyans. 128,000 Kenyans or 0.8% of the voter register shared national IDs or passports. There had been concerns that the integrity of the 2013 voter database had been breached post-election, and used by the ruling coalition to strategize on voter registration for the 2017 election.

The report also noted, there is no data protection legislation to operationalise the Article 31 right to privacy enshrined in the Kenyan Constitution. As such, there is no framework to protect the biometric and alphanumeric data in the voter register. Other bodies (private and public) are adopting the use of biometric data in their operations despite the lack of a data protection law.

The recent Cambridge Analytica scandal has left many Kenyans wondering to what extent the firm was involved in the country. CIPIT’s research project helped shed light on this issue. The research findings show evidence of microtargeting on both sides of the political divide during the political campaigns in 2017.

The right to privacy is well established in the Kenyan Constitution but there is no legal framework to actualize this right. The report recommends a strong data protection framework that constitutes Data Protection Legislation, Data Protection Authority and Capacity Building.

Read the full report here.