6. A Comparative Review of Cybercrime Law in Kenya: Juxtaposing National Legislation with International Treaty Standards

Brian Sang YK, Advocate of the High Court of Kenya; Deputy Director, Administrative Services, County Government of Narok, Kenya; email: [email protected]

Ivan Sang, Senior Researcher, Office of the Deputy Vice-Chancellor Research & Innovation, Strathmore University (Nairobi, Kenya); email: [email protected]

The enactment of Kenya’s first comprehensive cybercrime legislation, the Computer Misuse and Cybercrimes Act 2018 (‘Cybercrimes Act’), was a significant milestone in laying down legal regulations for cyber-activities. Two international treaty instruments – namely, the Budapest Convention on Cybercrime and the African Union Convention on Cyber Security and Personal Data Protection – were influential in drafting the Cybercrimes Act. Yet some of the provisions of the Cybercrimes Act that establish key definitions and criminal offences are inconsistent with these international treaty standards and in breach of Kenya’s Constitution.

This article argues that, if not reformed, these defective provisions run the risk of (i) interfering with digital rights and (ii) undermining the efficacy of Kenya’s cybercrime law. To systematically make the case for reform, this article comparatively reviews sections of the Cybercrimes Act by juxtaposing them with their equivalents in international treaties and selected national laws. The article proposes amendments to the Cybercrimes Act so as to result in a much more effective regime of cybercrime law in Kenya.