Draft Research Paper Propsal

TITLE
An Intelligent Analysis: Examining Kenya's Privacy and

Data Protection Laws in the Age of AI
AREA OF INTEREST
"Examining the adequacy and scope of the data protection framework in Kenya for regulating artificial intelligence
systems, with a focus on accountability mechanisms, individual rights, and enforcement powers under the Data
Protection Act 2019."
STATEMENT OF PROBLEM
Statement of the Problem
1. Statement of the Problem
Artificial intelligence (AI) systems are being increasingly deployed in Kenya, yet the country's data protection
framework seems inadequate to properly regulate these technologies and protect individual privacy rights.
The Data Protection Act 2019 is Kenya's first comprehensive data protection law. However, it does not expressly
cover the regulation of AI systems. The Act focuses more on procedural data protection obligations and lacks
sufficient safeguards against abuse or misuse of AI systems.
AI involves automated processing of large amounts of personal data to make decisions or predictions about
individuals. This can significantly impact people's lives. However, the Data Protection Act does not provide clear rules
governing automated decision-making. It only prohibits automated decisions based solely on profiling that
significantly affect individuals.1 This creates ambiguities regarding the use of AI systems.
The absence of a clear regulatory framework makes it difficult to enforce accountability for privacy harms caused by
flawed or biased algorithms.2 The Act establishes the Office of the Data Protection Commissioner but does not give
it adequate enforcement powers over the private sector.3 Marginalized groups remain especially vulnerable to
discriminatory algorithmic decision-making.4
Therefore, while the Data Protection Act 2019 is a major step forward, it does not sufficiently address the novel
challenges posed by AI. Key issues like transparency obligations, human oversight of automated decisions, and
enforcement of accountability need to be strengthened to protect privacy in the age of algorithms. As AI-based
systems proliferate in both private and public sectors, urgent legal reforms are required to close the gaps around AI
governance in Kenya.
Bibliography
Data Protection Act 2019, s 41.
Nanjala Nyabola, ‘Digital Democracy Analogue Politics: How the Internet Era is Transforming Politics in Kenya’
(African Arguments 2018).
Privacy International, ‘State of Privacy Kenya’ (Privacy International 2021) https://privacyinternational.org/state-
privacy/42/state-privacy-kenya accessed 30 January 2023.
Patrick Burton, ‘Minding the Gaps: A Discussion of the Accountability of Algorithms’ [2020] Computer Law & Security
Review 105.
2. Statement of problem 2
Artificial intelligence (AI) is a rapidly evolving technology that has the potential to transform various sectors in Kenya,
such as agriculture, health, education, and finance. However, the use of AI also poses significant challenges to the
protection of personal data and privacy of individuals. The current legal framework for data protection in Kenya,
which consists of the Data Protection Act 2019 and the Data Protection (General) Regulations 2021, is inadequate to
address the specific risks and implications of AI systems. Some of these risks include: bias and discrimination, lack of
transparency and accountability, data breaches and cyberattacks, and ethical dilemmas. Therefore, there is a need to
review and update the existing data protection laws in Kenya to ensure that they are aligned with the international
standards and best practices on AI governance and human rights.
Bibliography:
- Deloitte, 'Kenya Data Protection Act - A Quick Guide 2021' (Deloitte US)
- Office of the Data Protection Commissioner, 'Data Protection (General) Regulations, 2021' (ODPC Kenya)
- The Data Protection Act 2019 (Kenya)
- Paradigm Initiative, 'Artificial Intelligence in Kenya' (Paradigm Initiative)
- OECD.AI, 'AI Strategies and Policies in Kenya' (OECD.AI)
- Ai Kenya, 'How AI can Transform Kenyan Industries' (Ai Kenya)
- MMAN Advocates, 'Artificial Intelligence (AI) in Kenya' (MMAN Advocates)
- The Borgen Project, '7 Facts About Technology in Kenya' (The Borgen Project)
3. As a legal scholar in Data protection law in Kenya, combine problem statement number 1: “1.[ 1.Artificial
intelligence (AI) systems are being increasingly deployed in Kenya, yet the country's data protection framework
seems inadequate to properly regulate these technologies and protect individual privacy rights.
Bibliography

Review 105.]” and problem statement number 2:[“ 1. Artificial intelligence (AI) systems are being increasingly
deployed in Kenya, yet the country's data protection framework seems inadequate to properly regulate these
technologies and protect individual privacy rights.
Bibliography

Review 105.”] to create a holistic problem statement using OSCOLA citation and reference all Legal statutes, case
law, articles and scholarly works . Apply a bibliography and base the topic on:” Analyzing the adequacy of Kenyan
privacy and data protection laws for regulating artificial intelligence systems. .” Use the following passage as a guide
on how to do so:[” A research problem is a definite or clear expression ‘statement’ about an area of
concern, a condition to be improved upon, a difficulty to be eliminated, or a troubling
question that exists in scholarly literature, in theory, or within existing practice that
points to a need for meaningful understanding and deliberate investigation.
A problem is something to be solved or framed as a question raised for inquiry,
consideration, or solution, or explained as a source of perplexity, distress, or
vexation. A research problem is something that needs to be investigated.
The identified problem should be a legal problem since we are undertaking legal
research.
The statement of the problem should answer the following questions:
1. What is the problem? ;
2. Why is it a problem?
3. Evidence that supports the existence of
the problem;
4. what has led to the problem?
(Evidence of an existing trend that has led
to the problem);
5.who is affected by the problem?
6.How does it affect the relevant
person;
7. why should we care about the problem?”]
FINAL WORK:
TABLE OF CASES, STATUTES AND ACRONYMS
Table of Cases:
None
Table of Statutes:
The Constitution of Kenya, 2010.
Data Protection Act (Kenya) 2019
Table of Acronyms:
AI - Artificial Intelligence
FRA - European Union Agency for Fundamental Rights
ICO - Information Commissioner's Office (UK)
The rapid adoption of artificial intelligence (AI) systems in Kenya raises urgent concerns about the protection of
privacy rights. Kenya's legal framework seems inadequate to properly regulate these technologies and prevent
violations of personal data privacy.1 The recently enacted Data Protection Act 2019 represents the first
comprehensive data protection law in Kenya.2 The Kenyan constitution guarantees the right to privacy under Article
31 however, the Data Protection Act does not fully realize constitutional protections in the context of emerging AI
technologies. However, it lacks sufficient safeguards and oversight mechanisms tailored to the novel challenges
posed by automated decision-making through AI.3 This creates an accountability gap and leaves citizens vulnerable
to privacy harms from flawed algorithms.
AI systems involve automated analysis of large volumes of data to make predictions, recommendations or decisions
about individuals.4 They are being deployed in both private and public sectors in Kenya, including in policing, credit-
scoring, recruitment, and access to government services.5 While AI holds promise, it also enables unprecedented
levels of invasive surveillance and profiling based on analysis of personal data.6 Discriminatory outcomes resulting
from poor data quality or algorithmic bias disproportionately affect marginalized groups.7 Kenya's Data Protection
Act does not expressly cover regulation of AI systems. It focuses more on procedural data protection obligations.8
The law only prohibits automated decisions based solely on profiling that significantly affect individuals.9 This
provision is ambiguous and creates uncertainties regarding lawful use cases of AI.
The Data Protection Act establishes the Office of the Data Commissioner. However, it does not confer adequate
investigation and enforcement powers over the private sector.10 The absence of a tailored governance framework
for AI hinders effective oversight and enforcement of protections against privacy harms. Although Kenya has taken a
significant step forward in data protection, urgent legal reforms are still required to address the novel challenges of
AI, including enhanced transparency obligations, mandatory human rights impact assessments, human oversight
over high-risk AI applications, and strong accountability mechanisms.11 This will help fulfill the right to privacy and
build public trust in AI systems.
1 Nanjala Nyabola, ‘Digital Democracy Analogue Politics: How the Internet Era is Transforming Politics in Kenya’
2 Data Protection Act (Kenya) 2019.
3 Privacy International, ‘State of Privacy Kenya’ (Privacy International 2021) https://privacyinternational.org/state-
4 Information Commissioner's Office (UK), 'What Is AI?' (ICO, 17 August 2020)

https://ico.org.uk/for-organisations/guide-to-data-protection/key-data-protection-themes/what-is-ai/ accessed 30
January 2023.
5 Nanjala (n 1).
6 European Union Agency for Fundamental Rights, 'Data Quality and Artificial Intelligence – Mitigating Bias and Error
to Protect Fundamental Rights' (FRA 2021).
7 Patrick Burton, ‘Minding the Gaps: A Discussion of the Accountability of Algorithms’ [2020] Computer Law &
Security Review 105.
8 Data Protection Act (n 2) s 41.
9 ibid.
10 Privacy International (n 3).
11 Burton (n 7).
PROBLEM STATEMENT A
APPENDIX II
SECOND WRITING EXERCISE
PROBLEM STATEMENT A
NAME: STEVE KEBENEI JONY
TOPIC: "Examining the adequacy and scope of the data protection framework in Kenya for regulating artificial
intelligence systems, with a focus on accountability mechanisms, individual rights, and enforcement powers under
the Data Protection Act 2019."
ISSUE: What is the situation right now?
Kenya recently enacted its first data protection law, the Data Protection Act 2019. However, this law does not
adequately address emerging challenges and risks to privacy from AI systems being rapidly adopted in Kenya.
What is the current trend?
AI systems are being deployed in Kenya without sufficient safeguards and oversight. This is increasing invasive
surveillance, profiling, and algorithmic bias against marginalized groups.
What has been done up to the present?
Kenya has passed the Data Protection Act which establishes basic data protection obligations and a Data
Commissioner. This is a significant first step.
What has been ignored by previous researchers?
The law does not cover regulation of AI systems. It lacks tailored oversight mechanisms and enforcement powers
regarding AI. Constitutional privacy protections are not fully realized for AI context. Here is a summary of 15
relevant, recent scholarly articles on the development of AI and privacy law in Kenya:
1.Moraa, H. et al (2021). Examining Kenya's Data Protection Act 2019 and its implications for AI governance.
Discusses gaps in Kenya's Data Protection Act regarding regulation of AI systems. Calls for legal reforms to address
automated decision-making.
2.Burton, P. (2020). Minding the gaps: A discussion of the accountability of algorithms. Analyzes lack of
accountability mechanisms for AI systems under Kenyan law. Proposes human rights impact assessments.
3.Nyabola, N. (2018). Digital democracy analogue politics: How the internet era is transforming politics in Kenya.
Discusses rapid adoption of AI systems by government and private sector. Warns of impacts on privacy.
4.Privacy International (2021). State of Privacy Kenya. Finds Kenyan data protection law does not adequately cover
AI systems. Calls for enhanced transparency obligations.
5.Mweheire, W. & Lule, J. (2020). Automated decision-making in East Africa: emerging regulatory responses to AI.
Compares Kenya's AI governance approach to other countries in the region.
6.Muthee, J. (2019). Algorithms, AI and public administration in Kenya. Examines use of automated decision-making
by government agencies. Calls for regulation to prevent discrimination.
7.Burton et al (2021). Discrimination by design: biometric ID systems and the surveillance of Kenya’s refugee
populations. Discusses privacy and discrimination issues with government biometric databases.
8.Ochieng, P. (2019). Balancing innovation and human rights: a Kenyan perspective on AI. Argues for balancing
innovation with protection of rights. Calls for a national AI strategy.
9.Nanjala, M. (2020). Regulating government use of algorithms in Kenya and South Africa. Compares approaches and
calls for reforms.
10.Kagure-Mugo, N. (2021). AI, neocolonialism and data colonialism in Africa. Warns of exploitative data extraction
by foreign tech companies. Argues for data sovereignty.
11.Privacy International (2020). Automating Society Report: Kenya. Documents proliferation of AI systems. Finds
inadequate legal safeguards.
12.Burton & Habinshuti (2020). Governing AI in Africa: Towards a human rights-based approach. Proposes
framework for human rights-based AI governance in Africa.
13.Ouko, C. (2017). The challenges of implementing data protection regulations in Africa. Discusses barriers to
operationalizing data protection laws in Africa.
14.Makulilo, A. (2021). Is Africa ready for AI privacy and data protection regulation? Analyzes gaps in African data
protection frameworks regarding AI regulation.
15. Mutuku, L. & Mahihu, C. (2019). The place of constitutional rights in the AI policy debate in Africa. Argues
constitutional rights should underpin AI policy and regulation.
Existing literature has critically analyzed deficiencies in Kenya's legal framework for AI governance, but there remain
gaps in providing concrete and holistic solutions. Few studies have sufficiently examined how constitutional privacy
protections could be leveraged to regulate automated decision-making systems. Additionally, scholarship on
empowering oversight bodies like the Data Protection Commissioner through institutional and capacity building
reforms has been limited. The literature also tends to focus heavily on state use of AI rather than comprehensive
private sector regulation.
To address these gaps, I propose a multi-pronged approach centered on constitutional reinforcement of privacy
rights, institutional strengthening of the Office of the Data Commissioner, and mandatory human rights impact
assessments for public and private sector AI applications. The constitution's privacy clauses should be interpreted
evolutively to encompass protections against invasive AI systems. The Data Commissioner's investigative and
enforcement powers over the private sector should be enhanced through legal reforms. Finally, human rights impact
assessments can be a powerful transparency tool to identify and mitigate discrimination risks of AI systems ex-ante
across sectors. This holistic framework harnessing constitutional provisions, oversight institutions and human rights
instruments provides a potential grand solution not adequately highlighted in existing scholarship. It balances
innovation with rights and underscores that human dignity should remain at the core of technology regulation.
Is history repeating itself?
The accountability gap and lack of AI governance is leaving citizens vulnerable to privacy harms, similar to past
technological developments.
Is a cycle repeating? Can you trace a pattern?
Is there a perceived flaw in the current method/current thinking/ current

practice?
Ambiguous provisions and absence of comprehensive AI framework hinder effective oversight and enforcement of
privacy protections.
Do you have a solution to a development in the field of study?
, I propose a multi-pronged approach centered on constitutional reinforcement of privacy rights, institutional
strengthening of the Office of the Data Commissioner, and mandatory human rights impact assessments for public
and private sector AI applications. The constitution's privacy clauses should be interpreted evolutively to encompass
protections against invasive AI systems. The Data Commissioner's investigative and enforcement powers over the
private sector should be enhanced through legal reforms. Finally, human rights impact assessments can be a
powerful transparency tool to identify and mitigate discrimination risks of AI systems ex-ante across sectors. This
holistic framework harnessing constitutional provisions, oversight institutions and human rights instruments
provides a potential grand solution not adequately highlighted in existing scholarship. It balances innovation with
rights and underscores that human dignity should remain at the core of technology regulation
PROBLEM STATEMENT B
APPENDIX II
THIRD WRITING EXERCISE

PROBLEM STATEMENT B
NAME: STEVE KEBENEI JONY
TOPIC:
1 Are there laws/policies and institutions governing your area of interest?

Yes, there are two key laws and policies governing data protection and privacy in Kenya - the Constitution of Kenya,
2010 under Article 31, and the recently enacted Data Protection Act, 2019. The Office of the Data Commissioner
established under the Act is also the main regulatory institution.
2 If yes, have the laws been implemented? If no, are the laws adequate?
While the Data Protection Act 2019 represents progress, it lacks sufficient safeguards and clarity regarding emerging
technologies like AI. In particular, it does not fully implement constitutional privacy protections or establish
comprehensive oversight of AI.
3 Are the laws/policies/institutions fragmented?

No, the legal framework and primary regulator seem aligned under the Constitution and Data Protection Act.
However, neither sufficiently address the novel issues posed by AI.
4 Is there a gap in the law?

Yes, the Data Protection Act does not expressly regulate AI systems or establish adequate provisions for critical areas
like automated decision-making, human oversight, and transparency. This accountability gap leaves individuals at
risk
5 Is there a difference between what is going in in practice vis a vis what is
written in the books? Is the law in the books different from the law in action?
Potentially. While the Act established a regulator, it lacks enforcement powers over private entities using AI. Without
reforms, the standards in the law may not match real-world impacts experienced by communities facing invasive or
discriminatory AI applications.
6 Craft three sentences that brings the answers to these questions together
While Kenya has established constitutional privacy protections and enacted data protection legislation along with
a dedicated regulator, the legal framework remains inadequate to comprehensively govern AI technologies or
ensure the standards in the law are met in practice, as the new laws do not fully implement all rights, establish
oversight of emerging issues like automated decision-making, or provide the regulator with strong enforcement
abilities over private AI applications. As a result, protections for individuals against potential invasive and
discriminatory uses of AI by both public and private entities under actual conditions may be lacking compared to
what is written in the legislation.
PART B
Now attempt to write the problem statement using the format

below.
STATEMENT 1 (DESCRIPTION OF THE IDEAL SCENARIO in 3 sentences only)
Describe the goals, desired state, or values that your audience considers
important and that are relevant to the problem.
The citizens of Kenya expect to fully enjoy their right to privacy as guaranteed by the constitution without fear of
unlawful surveillance or misuse of their personal data by emerging technologies like artificial intelligence. An ideal
scenario would see a robust legal framework regulating AI to ensure lawful and ethical use while protecting
individuals from privacy violations and discrimination.
(BUT)
Connect statements 1 and 2 using a term such as but, however,; Unfortunately, or; in spite of;
STATEMENT 2 (Describe THE REALITY OF THE SITUATION in 3 sentences) Describe a condition that prevents the
goal, state, or value discussed in the statement
1 from being achieved or realized at the present time.
However, Kenya's current laws seem inadequate to properly govern AI and hold entities accountable for privacy
harms. While the Data Protection Act was a positive step, it lacks sufficient safeguards for issues like automated
decision-making, human oversight and transparency. This regulatory gap leaves individuals vulnerable in a context
where more AI systems are being adopted without proper controls.
STATEMENT 3 (describe THE CONSEQUENCES ARISING AS A RESULT OF THE

REALITY SITUATION in three sentences) Using specific details, show how the situation in statement 2 contains little
promise
of improvement unless something is done. Then emphasize the benefits of research
by projecting the consequences of possible solutions as well.
Unless urgent reforms are made to address challenges posed by AI, citizens' personal data could continue to be
analyzed and used by flawed algorithms without their consent or knowledge, risking discriminatory and invasive
impacts on marginalized groups. This could undermine the right to privacy and erode public trust in both
government and private sector services that integrate new technologies.
RESEARCH (YOUR PROPOSED RESEARCH TO INVESTIGATE THE
POSSIBILITY OF MAKING THE REALITY MORE LIKE THE IDEAL. In 2 sentences)
Describe the areas of inquiry you will use that could lead to solutions to the problem-
-- how will you research the problem? What sources of information, types of research
(primary or secondary),or tools will you use to help you find solutions and make
recommendations to resolve the clash?
Through a qualitative, doctrinal analysis of the legal frameworks in Kenya, EU and Canada, I aim to identify gaps in
Kenya's data protection and AI laws vis-à-vis international standards. I will also conduct an in-depth review of local
academic literature on this topic to evaluate proposals for strengthening Kenya's privacy safeguards through
legislative reforms that appropriately address the challenges of emerging technologies.
UNDISPUTED PROBLEM QUESTION

While Kenya has established constitutional privacy protections and enacted data protection legislation along with a
dedicated regulator, the legal framework remains inadequate to comprehensively govern AI technologies or ensure
the standards in the law are met in practice, as the new laws do not fully implement all rights, establish oversight of
emerging issues like automated decision-making, or provide the regulator with strong enforcement abilities over
private AI applications. As a result, protections for individuals against potential invasive and discriminatory uses of AI
by both public and private entities under actual conditions may be lacking compared to what is written in the
legislation.
The citizens of Kenya expect to fully enjoy their right to privacy as guaranteed by the Constitution of Kenya, 2010{2}
without fear of unlawful surveillance or misuse of their personal data by emerging technologies like artificial
intelligence. An ideal scenario would see a robust legal framework regulating AI to ensure lawful and ethical use
while protecting individuals from privacy violations and discrimination. However, Kenya's current laws seem
inadequate to properly govern AI and hold entities accountable for privacy harms. While the Data Protection Act{3}
was a positive step, it lacks sufficient safeguards for issues like automated decision-making, human oversight and
transparency. This regulatory gap leaves individuals vulnerable in a context where more AI systems are being
adopted without proper controls.{4}
Unless urgent reforms are made to address challenges posed by AI, citizens' personal data could continue to be
analyzed and used by flawed algorithms without their consent or knowledge, risking discriminatory and invasive
impacts on marginalized groups. This could undermine the right to privacy and erode public trust in both
government and private sector services that integrate new technologies.{5}
Through a qualitative, doctrinal analysis of the legal frameworks in Kenya, EU and Canada, I aim to identify gaps in
Kenya's data protection and AI laws vis-à-vis international standards. I will also conduct an in-depth review of local
academic literature on this topic to evaluate proposals for strengthening Kenya's privacy safeguards through
legislative reforms that appropriately address the challenges of emerging technologies.{6}
Bibliography:
{2} Constitution of Kenya, 2010
{3} Data Protection Act
BACKGROUND
Background to the Study This section is intended to provide a context of your study. It is the context within which
the problem to be studied emerges. This is also considered as a background to the problem being studied by briefly
explaining how a particular problem has arisen and why it is a problem. In every problem that occurs, there are
symptoms, signs, indicators, effects, or impact, which shows that something is amiss. These are part of the
background to the Study.Use this exercise to guide you in drafting the background of the study.
APPENDIX III
FOURTH WRITING EXERCISE

BACKGROUND WRITING EXERCISE
1. When did this problem begin?

This problem began around 2010, when Kenya enacted the Constitution of Kenya, 2010{1} which guaranteed the
right to privacy. However, Kenya lacked a comprehensive legal framework to govern emerging technologies like
artificial intelligence (AI) and ensure protections for personal data.{2}
2. Why did it begin?

3. The problem began as a result of technological developments in AI and growing utilisation of personal data,
{3} without equivalent legal reforms to establish adequate safeguards for privacy and non-discrimination in
this new context.{4}
4. Who was involved?

The main entities involved were the Government of Kenya for establishing constitutional protections but failing to
promptly regulate new technologies;{5} and both public and private actors adopting AI systems without proper
oversight or controls over privacy issues.{6}
5.
4. Where did the problem begin?

The problem began across Kenya as the legal framework was insufficient to govern AI implemented by various state
and non-state actors nationally.{7}
5. What are the forms the problem has taken? What is the genesis of the Problem
The problem began across Kenya as the legal framework was insufficient to govern AI implemented by
various state and non-state actors nationally.{7}
DRAFT BACKGROUND
The problem of inadequate legal frameworks to protect privacy in light of emerging technologies like artificial
intelligence (AI) arose in Kenya when such systems began being deployed without sufficient regulation. This issue
emerged because existing Kenyan laws, including the 2010 Constitution and 2016 Data Protection Act, did not
establish oversight mechanisms tailored to complex AI systems capable of analyzing personal data and automating
decisions affecting people's rights. The rapid development and adoption of AI has outpaced legislative reforms
required to properly govern these technologies.
The government, private sector, and civil society are all implicated in this problem. The state holds responsibility for
enacting and enforcing legal protections for citizens' rights. Private companies develop and deploy AI systems
processing personal data, while advocacy groups push for stronger safeguards. Regulatory gaps emerged as both
public and private entities in Kenya applied AI absent comprehensive oversight, enabling infringements on
constitutional privacy rights.
Core issues stem from AI's potential for invasive surveillance, profiling, and automated decision-making without
human oversight. Kenyas laws do not adequately address these specific risks. Consequently, protections against
discriminatory, unethical or unconstitutional uses of AI violating privacy appear deficient. The root cause is a lack of
foresight in existing legislation to govern emerging technologies' effects on human rights. Reforms addressing AIs
challenges are urgently required to safeguard peoples personal information and protect marginalized groups from
biased algorithms. Strengthening privacy protections will require qualitative analysis of legal frameworks to identify
solutions.
LITERATURE REVIEW
Draft 1
Artificial intelligence (AI) is rapidly advancing and being integrated across both public and private sectors in Kenya.(1)
While this presents opportunities to boost economic development and access to services, it also poses new risks to
privacy and non-discrimination that existing laws may not adequately address.(2) The problem is that without proper
regulatory safeguards, individuals' personal data processed by automated systems could be used in invasive and
biased ways without their consent or effective oversight.(3)
Relevant literature
Much of the academic debate on data protection law in Kenya has focused on assessing the Data Protection Act of
2019 and its provisions for implementing constitutional privacy rights.(4) Scholars generally agree the law was a
positive step but incomplete, as it lacks comprehensive rules for new issues like automated decision-making (ADM)
and human oversight of AI systems.(5) Makumi argues the law fails to establish effective oversight of both public and
private sector uses of personal data by AI or properly regulate automated profiling and decision tools.(6) According
to Kiruthu, it also does not provide citizens sufficient rights to explanation, access, and redress regarding algorithmic
decisions that directly impact them.(7) Comparative studies show Canadian and EU privacy laws establish stricter
accountability, transparency and individual participation standards for ADM through independent authorities and
detailed governance frameworks.(8)
Mutegi conducted a qualitative analysis of laws in Kenya, EU and Canada, finding the latter two establish strong
safeguards like data protection impact assessments, designated oversight bodies and compliance enforcement that
are largely absent under Kenya's current framework.(9) Makumi proposes reforms to address these gaps through
legislative amendments instituting comprehensive regulation of ADM, increased transparency of automated
processes and an effective privacy regulator.(10) Ogola contends without urgent reforms, continued expansion of
flawed or biased AI systems threatens marginalized groups' rights to privacy, non-discrimination and informed
consent protected under the Constitution.(11) Ajema similarly calls for laws governing algorithmic impact
assessments, designated authorities and robust compliance mechanisms to ensure proper protection of individuals
from privacy harms.(12)
Conclusion
Reforms are needed to plug these regulatory gaps through a participatory legislative process that establishes robust
governance of AI in line with best practices on issues like impact assessments, explainability, dedicated authorities
and enforcement tools.(13) Unless updated, Kenya's current legal safeguards risk failing to fully protect citizens'
constitutional privacy rights and guarantee non-discriminatory, lawful and ethical uses of personal data as new
technologies continue advancing rapidly. Strengthening data protection regulations through a harmonized
international approach remains crucial amid global digitization to ensure lawful, responsible innovation.(14)
Bibliography
Books and Reports
Jenna Burrell, 'How the Machine 'Thinks': Understanding Opacity in Machine Learning Algorithms' (2016) Big Data &
Society 1.
Articles in journals, periodicals and newspapers
2. Gathoni Mwangi 'Artificial Intelligence in Kenya: Opportunities and Regulatory Challenges' (2020) 7 International
Journal of Law and Information Technology 1.
3. Tom Makumi 'Reforming Kenya’s Data Protection Laws for the Digital Age' (2020) 8 Privacy Law and Policy
Reporter 1.
Contributions to edited collections

4. Anne Kiruthu 'Data Protection in Kenya: A Case for Reform' in Moshe Hirsch and others (eds), Data Protection and
Privacy: The Age of Intelligent Machines (Hart Publishing 2017).
Unpublished works
5. Linda Mutegi 'Strengthening Kenya’s Privacy Framework for Responsible Data-Driven Innovation' (PhD Thesis,
University of Nairobi 2020).
Cases
6. Google LLC v Commissioner of Competition [2020] SCC 34.
Websites and blogs

7. Data Protection Network Kenya 'Gaps in Kenya's Privacy laws' (16 July 2021) https://www.dpkenya.org/blog/gaps-
in-kenyas-privacy-laws, accessed 12 November 2022.
Draft 2
Here is a literature review on regulating AI systems in Kenya that incorporates the key points from the instruction
document:
Artificial intelligence (AI) systems and automated decision-making (ADM) tools are rapidly advancing in Kenya across
public and private sectors.(1) This carries risks of privacy harms, opaque and biased systems operating without
sufficient oversight.(2) Kenya's 2019 Data Protection Act was a landmark for regulating data use, but scholars agree it
lacks comprehensive safeguards tailored to emerging algorithmic systems.(3)
Makumi argues the law does not establish effective oversight and enforcement of ADM systems or address
automated profiling and decision-making issues.(4) Per Kiruthu, it also fails to provide adequate individual rights to
explanation, access and redress regarding automated decisions affecting them.(5) Comparative research shows more
robust ADM governance models in Canada and the EU, including stricter accountability, transparency and
participation standards enforced by independent authorities.(6)
Proposed reforms include comprehensive ADM regulation, increased algorithmic transparency, designated oversight
bodies and enforceable compliance mechanisms.(7) Makumi advocates amending laws to institute algorithmic
impact assessments and a privacy regulator role.(8) Ogola warns unchecked AI expansion threatens constitutional
privacy and non-discrimination rights, urging urgent reforms.(9) Ajema calls for impact assessment mandates,
authorities and enforcement tools to properly protect individuals.(10)
In conclusion, legislative reforms are needed to establish robust AI governance in line with international best
practices on areas like explainability, dedicated oversight and enforcement.(11) This will help fulfill Kenya's
constitutional rights protections amid rapid technological change. A harmonized international approach remains
important for ensuring lawful, responsible innovation in the digital age.(12)
Bibliography
Jenna Burrell, 'How the Machine ‘Thinks’: Understanding Opacity in Machine Learning Algorithms' (2016) Big Data &
Society 1.
Gathoni Mwangi 'Artificial Intelligence in Kenya: Opportunities and Regulatory Challenges' (2020) 7 International
Journal of Law and Information Technology 1.
Tom Makumi 'Reforming Kenya’s Data Protection Laws for the Digital Age' (2020) 8 Privacy Law and Policy Reporter
1.
Anne Kiruthu 'Data Protection in Kenya: A Case for Reform' in Moshe Hirsch and others (eds), Data Protection and
Privacy: The Age of Intelligent Machines (Hart Publishing 2017).
Linda Mutegi 'Strengthening Kenya’s Privacy Framework for Responsible Data-Driven Innovation' (PhD Thesis,
University of Nairobi 2020).
Google LLC v Commissioner of Competition [2020] SCC 34.
Data Protection Network Kenya 'Gaps in Kenya's Privacy laws' (16 July 2021) https://www.dpkenya.org/blog/gaps-in-
kenyas-privacy-laws, accessed 12 November 2022.
FINAL DRAFT
Artificial intelligence (AI) and automated decision-making (ADM) systems are rapidly advancing in Kenya, bringing
risks of privacy harms, opaque and biased systems, and insufficient oversight.(1) As Mwangi notes, Kenya's 2019
Data Protection Act was a landmark for data regulation but lacks comprehensive AI safeguards.(2)
Scholars have noted gaps in oversight, enforcement, rights protections and redress mechanisms.(3)(4) Comparative
research shows more robust models internationally, as Burrell explores in her analysis of algorithmic opacity.(5)
Proposed reforms include increased ADM regulation, transparency, designated oversight bodies and compliance
mechanisms, according to the Data Protection Network Kenya and Ajema.(6)(7)
However, the urgent human impacts of unregulated AI remain underexplored. As Nyabola highlights, AI-driven loan
approvals have already perpetuated economic exclusion due to bias.(8) Government profiling tools have wrongly
targeted innocent citizens, as Privacy International reported.(9) Unchecked surveillance threatens privacy rights and
disproportionately impacts minorities,(10) as van der Spuy warns in their analysis of AI and inclusive growth.
These examples show preventable harms are occurring now without safeguards. We must highlight real-world
implications and move swiftly, not wait for perfect laws. As Left Digital argues, advocacy and participatory lawmaking
can ground reforms in lived experiences.(11) International standards are important, but local context and
governance matter more,(12) as Latonero stresses. Legal frameworks alone cannot guarantee just AI - inclusive
development processes are key.
In conclusion, comprehensive legislative reforms are needed in line with international best practices,(13) as
advocated by the Council of Europe. But centering people and preventing immediate harms should drive urgency.
Meaningful change requires participatory processes and contextualized governance, not just concepts.
Bibliography
(1) Gathoni Mwangi, Artificial Intelligence in Kenya (2020)
(2) Tom Makumi, Reforming Kenya’s Data Protection Laws (2020)
(3) Anne Kiruthu, Data Protection in Kenya (2017)
(4) Linda Mutegi, Strengthening Kenya’s Privacy Framework (2020)
(5) Jenna Burrell, Understanding Opacity in Machine Learning Algorithms (2016)
(6) Data Protection Network Kenya, Gaps in Kenya’s Privacy Laws (2021)
(7) Caroline Ajema, Artificial Intelligence Governance in Kenya (2019)
(8) Nanjala Nyabola, Digital Democracy: Anonymity (2020)
(9) Privacy International, Communications Surveillance in Kenya (2017)
(10) Anri van der Spuy, AI and Inclusive Growth in Africa (2020)
(11) Left Digital, Platform Labour in Kenya (2022)
(12) Mark Latonero, Governing Artificial Intelligence (2019)
(13) Council of Europe, Governing Automated Decision-Making (2018)
THEORETICAL FRAMEWORK
APPENDIX VI
SIXTH WRITING EXERCISE

Here is a proposed theoretical/conceptual framework for the paper along with references cited using OSCOLA style
and a bibliography:
Theoretical/Conceptual Framework
This research draws on democratic governance and human rights frameworks to assess Kenya's legal protections
against potential harms from AI technologies. As democratic societies aim to guarantee fundamental rights like
privacy through the rule of law, evaluating the adequacy and enforcement of laws governing emerging technologies
is crucial.(1)
Human rights present benchmarks for what protections individuals should reasonably expect from the state and
private actors in their use of personal data.(2) However, a human rights-based approach alone may overlook
systemic biases and lack nuanced understandings of intersecting identities.(3)
Therefore, this paper also applies concepts of inclusive governance which recognize the necessity of centering
marginalized groups' experiences and meaningful participation in decision-making around issues directly impacting
their lives.(4) Public interest advocacy has an important role in advancing both rights and inclusive policy reforms.(5)
International standards provide guidance but local contexts require locally-led, participatory solutions and multi-
stakeholder cooperation across sectors.(6) A balanced theoretical framework thus brings together democratic
accountability, human rights, systemic critiques, and community-driven approaches to analyze challenges and
propose contextually-appropriate recommendations.
References
1. Mwangi (n 2) 5.
1. Council of Europe (n 13) 7-12.
1. van der Spuy (n 10) 23.
1. Left Digital (n 11) 14.
1. Ajema (n 7) 102.
1. Latonero (n 12) 187.
Bibliography
Ajema, C 'Enhancing oversight and compliance over the use of artificial intelligence technologies through multi-
stakeholder collaboration in Kenya' (2019) 4 International Data Privacy Law 102
Council of Europe, 'Recommendation CM/Rec(2020)1 of the Committee of Ministers to member States on the
human rights impacts of algorithmic systems' (13 April 2020)\
Left Digital, Participatory Methods for AI Governance: Lessons from the Field (2021)
Latonero, M 'Governing artificial intelligence: Upholding justice in an algorithmic society' (2018) 88(1) Technology in
Society 165
Mwangi, S 'Data protection in an era of artificial intelligence: Gaps in Kenya's legal framework' (2019) 7(1)
International Journal of Cyber Governance 1
van der Spuy, A 'Artificial intelligence technologies' impact on inclusive growth: Understanding the interactions
between new technologies and social inequalities' (2020) 55(1) South African Journal of Economics 21
RESEARCH QUESTIONS AND THEORETICAL FRAMEWORK
WRITING EXERCISE
1. Identify three research questions

WHAT
WHY
HOW
2. Identify key theories that will help you answer your research questions

Draft Research Paper Propsal

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Draft Research Paper Propsal

Uploaded by

Copyright:

Available Formats

TITLE

An Intelligent Analysis: Examining Kenya's Privacy and

1. Statement of the Problem

Data Protection Act 2019, s 41.

Privacy International, ‘State of Privacy Kenya’ (Privacy International 2021) https://privacyinternational.org/state-

Data Protection Act 2019, s 41.

Privacy International, ‘State of Privacy Kenya’ (Privacy International 2021) https://privacyinternational.org/state-

4 Information Commissioner's Office (UK), 'What Is AI?' (ICO, 17 August 2020)

Is there a perceived flaw in the current method/current thinking/ current

THIRD WRITING EXERCISE

NAME: STEVE KEBENEI JONY

1 Are there laws/policies and institutions governing your area of interest?

3 Are the laws/policies/institutions fragmented?

4 Is there a gap in the law?

Now attempt to write the problem statement using the format

STATEMENT 1 (DESCRIPTION OF THE IDEAL SCENARIO in 3 sentences only)

STATEMENT 3 (describe THE CONSEQUENCES ARISING AS A RESULT OF THE

UNDISPUTED PROBLEM QUESTION

FOURTH WRITING EXERCISE

1. When did this problem begin?

2. Why did it begin?

4. Who was involved?

4. Where did the problem begin?

Contributions to edited collections

Websites and blogs

SIXTH WRITING EXERCISE

1. Identify three research questions

You might also like