The High Court of Kenya sitting in Nairobi dismissed an application to suspend 26 sections of the Computer Misuse and Cybercrime Act, 2018. The High Court Judge James Makau dismissed a case filed by the Bloggers Association of Kenya (BAKE) that challenged the constitutionality of the Computer Misuse and Cybercrimes Act (the Act). The Act provides for offences relating to computer systems; it enables timely and effective detection, prohibition, prevention, response, investigation and prosecution of computer and cybercrimes; it facilitates international cooperation in dealing with computer and cybercrime matters amongst other provisions.
The BAKE moved to court to challenge the law on its constitutional basis on account of infringing Article 33 of the Constitution of Kenya relating to freedom of speech as well as lack of public participation. BAKE had initially moved to seek interim orders barring the commencement of the Act on 29th May 2018.
Suspension of the provisions under contention
The High Court issued orders suspending the 26 sections of the act by granting conservatory orders to bar the specific sections from coming into effect on the commencement date of 30th May 2019. The Court granted further extensions of suspensions on merit, on multiple instances pending the hearing and determination of the case.
The suspended sections were: 5, 16, 17, 22, 23, 24, 27, 28, 29, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 48, 49, 50, 51, 52 & 53.
The Decision of the Court
On 20th February 2020, High Court Judge James Makau finally rendered his judgment declaring that the Act was valid, and further that the 26 sections that BAKE had contested were not in contravention of fundamental rights and freedoms in the Constitution, thereby dismissing the case.
The Implications of the Ruling
Following the decision of the Court, it is expected that the Government under its respective ministry will move to publish regulations that will guide the enforcement of the Act.
Antecedent developments in the realm of Technology, Media and Telecommunications such as data privacy, e-commerce and dynamic cyber-crimes such as cyber fraud and cyber warfare, have necessitated the enactment of cybercrime laws. This has also been a worldwide trend following The African Union’s Convention on Cyber Security and Personal Data Protection as well as the Council of Europe’s Cyber Crime Convention (Budapest Convention).
It will be interesting to see how stakeholders such as the National Computer and Cybercrimes Co-ordination Committee in the Communications Authority the Ministry of ICT, law enforcement and the judiciary will implement the provisions of the Act in light of emerging areas of digital offerings.
In addition, with newer concepts of digital services being innovated on global platforms, the vague areas as postulated in the Act such as surveillance and digital rights may be compromised without sound legal provisions for enforcement.
Organisations will need to be more vigilant in their cyber resilience undertakings by effecting legally viable policies that are adopted by employees and business partners.
For more information about compliance with the Act, please contact Ckariuki@tripleoklaw.com or jothero@tripleoklaw.com.