Amnesty Kenya issues study and practical guidelines to bolster data protection
The paired study and guidelines link real citizen experiences with practical compliance steps, underscoring that protecting personal data is central to protecting dignity, trust, and Kenya’s democracy.

Amnesty International Kenya has published two resources aimed at improving privacy and accountability in the country’s digital sphere: a perception study on how the Data Protection Act (DPA) has worked over the past five years, and new Data Protection Guidelines for Civil Society Organisations (CSOs) developed with the Data Privacy and Governance Society of Kenya (DPGSK).
What the study says
The report, ‘5 Years On: Citizens’ Perspectives on Kenya’s Data Protection Act Implementation,‘ examines public awareness and day-to-day experiences with the DPA. It finds that while the Act provides a solid legal framework, its impact is limited by low to moderate public awareness of digital rights, gaps in inclusion of marginalised groups, a weak regional footprint of the Office of the Data Protection Commissioner (ODPC), and uneven enforcement. Many Kenyans—especially in rural areas and among marginalised communities, either do not know their data rights or cannot exercise them, leaving them exposed to breaches and misuse.
New guidelines for civil society
To address practical gaps, Amnesty Kenya and DPGSK released Data Protection Guidelines for CSOs. The guidance covers building privacy programmes, managing data across its lifecycle, conducting impact assessments, and engaging with the ODPC. It frames CSOs not only as data processors bound by the DPA, but also as stewards of digital rights and public trust in their work with communities.
Why it matters
Amnesty Kenya presents data protection as both a human rights obligation and an ethical duty. As Kenya’s digital transformation accelerates, safeguarding personal data is crucial for supporting democratic participation, public confidence, and accountable institutions.
Amnesty Kenya urges: broader public awareness and digital-literacy efforts through local media, schools, community barazas, and online channels; targeted inclusion of women, youth, persons with disabilities, and rural communities; stronger ODPC capacity through funding, staffing, and regional offices; consistent penalties for state and corporate misuse of data, including by major telecom operators; and CSO leadership by adopting the new guidelines to model rights-based, ethical data use.