Kenya has passed a new data protection law that complies with the European Union legal standards. The new law outlines restrictions on how personal data should be protected. 

The country is facing setbacks in how citizens’ data is being handled, stored and shared by the government and corporates. This is especially critical with foreign firms seeking interest in its financial innovations. One of Kenya’s prominent financial innovation is Safaricom’s M-Pesa mobile money service. 

Kenya lacking in data privacy is a huge disadvantage to its fintech ecosystem. The government perceives the new data protection law as crucial to encourage investments in fintech. For example, Amazon Web Services has confirmed plans to build some of its infrastructure in Kenya as part of its expansion strategy. In another example, Microsoft is partnering with local universities to create cutting-edge cloud technology in Africa.  

Joe Mucheru, minister for information, technology and communication, told Reuters that, “Kenya has joined the global community in terms of data protection standards.” 

Kenya’s new data protection law complies with the EU’s General Data Protection Regulation which came into effect in May 2018. The new law is setting a benchmark for the rest of the continent. According to media reports, an independent office will investigate any infringements on the new law. Violators will face serious consequences, including two-year prison sentences or fines of up to $29,000.

African governments have been urged to pay more attention to data protection. Another concern is that silicon giants such as Facebook, WhatsApp and Google have easy access to consumer data in African countries without restrictions.