A Call for Social Responsibility: Protecting Our Data and Each Other’s Privacy

We live in a world where data has become a valuable commodity, and your personal information is constantly at risk. Every day, your personal information travels through countless digital channels, often ending up in the wrong hands.

A recent dissemination in Mombasa County on the findings of the Digital Health and Rights Project (DHRP) underscored a critical truth: the ethical use of data is not just a concern for governments and corporations; it is a social responsibility that extends to our communities, families, and friends. The experiences shared during the meeting mirrored the project’s findings, highlighting how data misuse can cause immense harm.

Governments around the world have turned personal data into a powerful tool for tracking and controlling individuals and marginalized groups. In Kenya, sex workers, political activists, and LGBTQ+ individuals find themselves under constant digital surveillance. Their phone records, location data, and online activities become weapons used against them. When authorities access this information, they can predict their movement, identify associates, and build cases that often lead to harassment, intimidation or prosecution.

Companies treat personal data like gold, mining every click, search, and purchase for maximum profit. Social media platforms, telecommunications companies, and data brokers create detailed profiles of users without their knowledge or informed consent. Your browsing habits reveal intimate details about your health conditions, financial status, and personal relationships. Companies package this information and sell it to advertisers, insurance companies, and other third parties. Health apps share medical information with pharmaceutical companies to track foot traffic patterns. The problem becomes more serious when this data ends up in the wrong hands and individuals deal with identity theft, financial fraud, and privacy violations.

The most concerning privacy violations occur at the hands of those closest to us, a problem particularly acute in communities where economic barriers force individuals to share smartphones and digital devices. Family members and friends, with or without malicious intent, access private messages and search histories, share sensitive information that can destroy lives and relationships. Search histories tell stories we never meant to share. That late-night medical query about a symptom you’re worried about, relationship advice you sought, or financial struggles you’ve been researching; all of this becomes visible when someone else uses your device. When such private information is exposed, it can lead to unwanted embarrassment and discrimination within your social circle.

Revenge sharing represents one of the most devastating forms of privacy violation. When relationships or friendships turn sour, some people weaponize intimate photos, videos, or private messages that were shared in trust. This malicious act destroys lives, careers, and mental health. The digital nature of this content means it can spread rapidly across multiple platforms, making it nearly impossible to completely remove. The shame and humiliation can lead to depression, anxiety, and in extreme cases, self-harm.

The “Salimia Politicians” phenomenon in Kenya perfectly demonstrates how no one is immune to privacy violations. Citizens used these numbers to directly confront politicians about their performance, corruption allegations, and broken promises. While some celebrated this as accountability, it highlighted a dangerous precedent. If public figures’ private contact information isn’t safe, what does this mean for ordinary citizens? The leak crossed ethical boundaries, potentially endangering families and enabling harassment beyond legitimate political discourse.

These practices are so normalized that many people don’t even realize they’re violating someone’s privacy. Many people underestimate how much personal information their phones contain. Banking apps stay logged in, location histories track your movements, and even deleted messages often remain recoverable. What seems like a quick favor – “Can I use your phone to call someone?” – can accidentally reveal intimate details about your life, relationships, and challenges.

The digital age makes these violations more permanent and far-reaching. What once might have been whispered gossip now becomes permanent digital records that are nearly impossible to completely remove.

When people lose control over their personal information, the psychological impact can be severe and long-lasting. The fear of exposure creates a constant state of anxiety, where individuals become hypervigilant about every digital interaction. Many people develop an overwhelming fear that their private information will be discovered and used against them. This prevents them from seeking crucial health information online or accessing digital healthcare services. Young people particularly avoid searching for information about sexual health, mental health, or substance abuse support because they fear someone will discover their searches. Additionally, when people can’t trust digital platforms to protect their privacy, they avoid telehealth services, mental health apps, and online support communities that could improve their wellbeing, creating a dangerous cycle where those who need help most become least likely to seek it.

When someone leaks your private information in Kenya, they’re not just crossing a social boundary, they’re breaking the law and can face real legal consequences. The legal framework for data protection is robust, primarily governed by the Data Protection Act, 2019 (DPA) that gives effect to Article 31 of the Constitution of Kenya, which guarantees every person the right to privacy. What makes this law particularly strong is its comprehensive scope. It applies to everyone;from tech giants and government agencies to small businesses and even individuals. Additionally, there are several other key laws in Kenya that protect privacy and data, including:

• The Computer Misuse and Cybercrimes Act, 2018: This legislation addresses various cybercrimes, including unauthorized access to computer systems, cyber-harassment, and identity theft, child pornography, wrongful distribution of obscene or intimate images, phishing and false publications.

Disclaimer: While the Computer Misuse and Cybercrimes Act (2018) criminalizes many online harms, it does not explicitly recognize or provide timely, survivor-centered remedies(takedowns, protective orders, psychosocial and medical support) for technology-facilitated abuses, especially health-related violations affecting women, LGBTQ+ people, sex workers and other marginalized groups.

• The Kenya Information and Communications Act: This act governs the communications sector and includes provisions related to the security and privacy of electronic communications and services.

The DPA regulates the collection, processing, storage, and sharing of personal data, and it established the Office of the Data Protection Commissioner (ODPC) to enforce it. The ODPC has already demonstrated its authority by issuing significant penalties. A notable case involved Casa Vera Lounge, a Nairobi restaurant that was fined KES 1,850,000 for posting a reveler’s image on its social media without their consent. The ODPC ruled that the lounge had no legal basis to process the individual’s image for commercial use and that their consent was required. This serves as a powerful precedent, reminding every person and entity that consent to share someone’s information is not an option; it’s a legal requirement.

For individuals, this can be prosecuted as a violation of privacy rights, which can result in legal action; orders to ceaseand desist, imprisonment, and even financial compensation to the victim. For businesses and organizations, the penalties are even steeper, with fines of up to KES 20 million or 1% of the annual turnover, whichever is higher.

If your data has been misused or your privacy violated, you have clear avenues for recourse:

• File a Complaint with the ODPC: You can file your complaint online through their website at https://www.odpc.go.ke/ , where they’ve streamlined the process to make it accessible for everyone.
• Seek Legal Counsel: You can engage a lawyer to pursue a case against the individual or entity that violated your privacy rights.
• Seek Legal Assistance from CSOs: You can seek legal assistance from civil society organizations (CSOs) that provide support for privacy, health and intersecting rights.

Your privacy matters and protecting it starts with recognizing that we all have a role to play in keeping each other’s information safe. To learn more about the experiences of young people using digital technology to access health information and services, you can find the DHRP report here: https://digitalhealthandrights.com/resource-library/report-paying-the-costs-of-connection/