Can You Record Conversations and Phone Calls in Kenya?
In Kenya, the legislations in place do not specifically address the legality of recordings between individuals. However, the Kenyan Constitution in Article 31 protects the privacy of Kenyan Citizens by stating:
“Every person has the right to privacy, which includes the right not to have—
(a) their person, home or property searched.
(b) their possessions seized.
(c) information relating to their family or private affairs unnecessarily required or revealed.
(d) the privacy of their communications infringed.”
So going by the constitution, you may be liable for civil action if you record and disseminate a conversation or phone call containing family or private affairs of another person.
Also, recording others without seeking their consent may expose you to a lawsuit as the aggrieved party may claim a violation of privacy under the constitution. This is highly likely if the recordings are intended for slander, defamation, or to spread false claims against another person.
Are Recordings Admissible in Court?
Recordings, either video or audio, are admissible in Kenyan courts provided they adhere to the Evidence Act. Section 78A of the Evidence Act states that:
(1) “In any legal proceedings, electronic messages and digital material shall be admissible as evidence.
(2) The court shall not deny admissibility of evidence under subsection (1) only on the ground that it is not in its original form.”
Before recording videos, make sure your actions are not going to violate the constitution, which protects the privacy of others.
The rule of thumb is, do not record anyone without consent when they are in a place where there is a reasonable expectation of privacy. Such places include inside homes, hotel rooms, changing rooms, etc.
Recording videos of others in these places may lead to a violation of Article 31(C), which states everyone has a right to not have information concerning their family or private affairs required or revealed.
The Data Protection Act, 2019 regulates the processing of personal data owned by Kenyans and processed by the Government, businesses, agencies and companies. The Act is modelled after the European Union’s General Data Protection Regulations (GDPR) and is largely similar in some aspects.
Section 25 of the Act states that:
“Every data controller or data processor shall ensure that personal data is —
(a) processed in accordance with the right to privacy of the data subject;
(b) processed lawfully, fairly and in a transparent manner in relation to any data subject;
(c) collected for explicit, specified and legitimate purposes and not further processed in a manner incompatible with those purposes;
(d) adequate, relevant, limited to what is necessary in relation to the purposes for which it is processed;
(e) collected only where a valid explanation is provided whenever information relating to family or private affairs is required;
(f) accurate and, where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data is erased or rectified without delay;
(g) kept in a form which identifies the data subjects for no longer than is necessary for the purposes which it was collected; and
(h) not transferred outside Kenya, unless there is proof of adequate data protection safeguards or consent from the data subject.”
Data Controller is defined by the Act as,
“a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of processing of personal data.”
Section 26 outlines the rights of data subjects. It states that:
“A data subject has a right —
(a) to be informed of the use to which their personal data is to be put;
(b) to access their personal data in custody of data controller or data processor;
(c) to object to the processing of all or part of their personal data;
(d) to correction of false or misleading data; and
(e) to deletion of false or misleading data about them.”
In cases where an individual may not be in a position to exercise his or her rights mentioned in Section 26, the rights may be conferred to other appropriate persons.
Section 27 states that:
“A right conferred on a data subject may be exercised—
(a) where the data subject is a minor, by a person who has parental authority or by a guardian;
(b) where the data subject has a mental or other disability, by a person duly authorised to act as their guardian or administrator; or
(c) in any other case, by a person duly authorised by the data subject.”
Data subjects aggrieved by a violation of the Data Protection Act may lodge a complaint with the Data Commissioner, an office established by the same act. Complaints can be made orally or in writing. Section 56
After receiving a complaint, investigating and finding the accused guilty of failing to comply, the Data Commissioner may serve an enforcement notice on that person requiring steps to comply be taken within a specified period. Section 58
Any person who fails to comply with the enforcement notice is liable on conviction to a fine not exceeding five million shillings or to imprisonment for a term not exceeding two years, or to both. Section 58(3)
Failure to comply with the enforcement notice may lead to a penalty imposed by the data commissioner. The penalty is a maximum of five million shillings, or in the case of an undertaking, up to one per centum of its annual turnover of the preceding financial year, whichever is lower. Section 62
Person(s) who suffer damage due to a violation of this act will be entitled to compensation from the data controller involved in the processing of personal data. Section 65