Okoiti v. Communications Authority of Kenya

Facts 
In January 2017, Kenya’s Communications Authority (CAK) announced plans to implement a Device Management System (DMS) that would allow access to mobile subscribers’ data—including call records—to combat counterfeit and illegal devices. Okiya Okoiti, executive director of Kenyans for Justice and Development Trust, filed a petition at the High Court challenging the DMS. He argued that the system lacked adequate public participation, posed a serious threat to privacy, and would allow government “snooping” on calls, texts, and transactions. The case named the CAK, the company installing the system (Broadband Communications Networks Ltd), the Cabinet Secretary for ICT, and the Attorney General as respondents. Mobile network operators and civil society organizations joined as interested parties.

Legal Question 
Did the Communications Authority’s plan to implement the DMS violate subscribers’ constitutional right to privacy, and was the system adopted in accordance with legal and constitutional requirements?  

Decision 
The Court ruled that the DMS posed an unconstitutional threat to subscribers’ privacy and was invalid. The Court held that the right to privacy, central to dignity and democracy, can only be limited by law in a manner that is necessary, proportionate, and least restrictive. CAK failed to demonstrate that DMS met these criteria, or that less intrusive alternatives were inadequate. Moreover, CAK lacked statutory authority to combat illegal devices through such surveillance, and the public participation process was insufficient. The Court declared the DMS unconstitutional, null, and void, and prohibited its implementation.

The decision affirmed the importance of privacy and procedural safeguards in a digital age.

Legal Instrument(s): The Constitution of Kenya