In 2023, Tanzanian businessman sued Vodacom in a TZSh10 Billion law suit for allegedly sharing his personal data with Open AI ChatGPT without his consent. The allegedly sensitive personal data, which the business man claims he found on ChatGPT, included: call logs, IMEI, IMSI, SIM identity and Personally Identifiable Information (PIIs) including his mobile phone location for a span of 30 days.

How the Fast Paced Tech is Impacting on Data Privacy Issues

This speaks of the unprecedented legal concerns that are coming along with the fast advancing digital era; data privacy being key among them, not to mention others such as intellectual property rights. Open AI has been defending suits in US courts for allegations of personal data theft and using copyrighted material without consent from authors for training its chat bot ChatGPT .

British Mathematician, Clive Humby stated in 2006 that “Data is the new oil”. The reality of this proposition can be seen in organisations that are now harnessing the potential of personal data collated over time from clients and customers, and leveraging on technological advancements such as AI to help them interpret data, improve customer experience, design customer products, grow sales, create and improve business models, and what have you.

Common AI Related Data Privacy Risks in Kenya

However, this poses data privacy risks in Kenya and around the world, including; personal data breach through access by unauthorised parties, data theft and even more grave threats such as identity theft. The risk is especially critical considering the amount of sensitive personal data that most organisations handle.

The potential damages ensuing from a data breach can be quite sinister. However, personal data protection laws like the data protection act kenya have been vigilant on the threat that the use of personal data poses to the right of privacy, and entities using technology for business advantage are now encountering roadblocks presented by data privacy laws.

Here are some of the potential risks to privacy and security posed by artificial intelligence (AI):

Potential Data Privacy Issues

Data collection and usage: AI systems often require large amounts of data to train and operate effectively. This data can be personal and sensitive, and its collection, use, and storage raise concerns about privacy violations.
Profiling and discrimination: AI algorithms can analyze data to create detailed profiles of individuals, which can be used for targeted advertising, personalized pricing, or even discrimination in areas like employment, housing, and loan applications.
De-identification and re-identification: Even if data is anonymized, it may be possible to re-identify individuals using other information, especially when combined with multiple datasets.

Potential Security Issues

AI hacking and manipulation: Malicious actors may try to hack AI systems to steal data, manipulate algorithms, or cause harm. For example, they could inject poisoned data into training sets to bias outputs or exploit vulnerabilities in AI software.
Deepfakes and misinformation: AI can be used to create realistic deepfakes of people saying or doing things they never did. This could be used to spread misinformation, damage reputations, or even interfere with elections.
Autonomous weapons: The development of autonomous weapons systems controlled by AI raises ethical and security concerns, as their actions could be difficult to predict or control.


It is evident that technology is like a malignant tumour, ever growing at a rate that is uncontrollable. And while we appreciate that technology is having a positive revolutionary impact on the modern day civilisation, we cannot turn a blind eye to the potential harm it carries. This is perhaps where the law comes in by trying to curb or otherwise mitigate the detriments of technology.

To allow technology to thrive in an unregulated environment would be to let a wild dog on the loose. But the question that lingers is, how efficaciously can the dog be leashed? How far can the law really restrain technology, taking into consideration its prolific nature? Is the law a foolproof guard rail? Is the law able to prevent all the potential harm that technological advancement carries in its cloud over the human race?

FAQs on AI & Data Privacy in Kenya

What’s the AI regulation in Kenya

At the moment, Kenya doesn’t have a dedicated national AI strategy or regulatory framework. However, several regulations and initiatives are relevant to AI development and usage including the Data Protection Act, 2019 which sets the foundation for data protection Kenya.

There is also the Computer Misuse and Cybercrimes Act, 2018 which addresses offenses related to digital platforms, which could apply to malicious uses of AI in Kenya.

The government of Kenya has also had initiatives like the Blockchain & Artificial Intelligence Task Force, established in 2018. The task force explored the potential of AI in the public sector and recommended developing an AI policy and regulatory framework in Kenya..

Which law governs data privacy in Kenya?

Again, the Data Protection Act 2019 serves as the key legislation overseeing personal data protection in Kenya. The law was enacted in 2019 and its designed to safeguard the fundamental right to privacy as enshrined in the Kenyan Constitution

Who is responsible for data protection compliance in Kenya?

The responsibility when it comes to data protection compliance in Kenya depends on your specific context:

For example, if you are an organization handling personal data, the responsibility will fall under:

Data Controller: A data controller is defined by the Data Protection Act as a natural or legal person, public authority, agency, or other body which alone, or jointly with others, determines the purpose and means of processing personal data. They bear the primary responsibility for ensuring compliance with the Act.
Data Protection Officer (DPO): The act also recommends appointing a data protection officer if your organization handles sensitive data. In this case the DPO acts as an advisor and internal monitor on data protection matters.

Speak to a Data Privacy and Governance lawyer in Kenya

As one of the best data privacy and governance lawyer in Kenya, we help individuals, organizations, and government agencies navigate the complex legal landscape surrounding AI and its impact on data privacy.

We help organizations comply with relevant data protection laws, such as the Data Protection Act Kenya, the GDPR, CCPA, and others, in the context of their AI applications.

Get in touch with us today via +254 725 615 596 or

Leave a Reply

Your email address will not be published. Required fields are marked *

× How can I help you?