'The less you share online, the better,' data protection boss tells Kenyans

The less you share online, the safer you are.

That was the blunt message from Kenya's Data Protection Commissioner Immaculate Kassait as regional regulators convened in Nairobi for the East Africa Data Governance Conference.

The two-day conference held last week, organised by the Open Institute and Amnesty International, brought together data protection regulators from Kenya, Uganda and Tanzania to address growing concerns about digital surveillance, cross-border data sharing and the adequacy of existing protections as the region becomes increasingly interconnected.

Kassait said that the rise of digital platforms has reshaped how citizens interact with political processes, but this evolution carries significant risks. 

She called for restraint as the most effective shield against harm, especially as political temperatures rise. 

"I think, please embrace data minimisation as a person. The less you share about yourself, the safer you are online," the commissioner said.

"Please make sure that you always ask questions. Don't tick terms and conditions accepted. Ask yourselves what terms and conditions mean. Is your data being shared across platforms?"

With what observers describe as a surge in ‘mudslinging’ and the potential for personal data to be weaponised for surveillance, Kassait outlined measures including guidance notes for electoral processes, which her office has implemented ahead of the elections.

"We continue to engage with the relevant stakeholders, both IEBC (Independent Electoral and Boundaries Commission) and political parties, to create awareness on what personal data means in the area of election," she said.

The risks are not merely theoretical; they often manifest as physical threats. 

A survey by the Defenders Protection Initiative revealed a disturbing trend where online digital monitoring escalates into physical abductions by unmarked vehicles. 

But beyond national measures, regulators are racing to establish a harmonised East African framework to govern how data flows across borders.

While such harmonisation could create a protective shield for citizens, it risks becoming a centralised "dashboard" for regional intelligence agencies if adequate safeguards are not embedded from the outset.

Al Kags, executive director of the Open Institute, framed the regional framework as essential for moving beyond narrow conceptions of data ownership.

"Our biggest goal with this platform is to try and make sure that Kenyans start having very real collaborative conversations about how we handle our data, because data governance is more than just protection," Kags said.

When asked how citizens can protect themselves against executive overreach in data sharing, Kags emphasised grassroots empowerment, but said that all actors—state, institutions and individuals—must uphold the law. 

"One of the things we've done is to make sure that citizens take charge of their own rights.

"We speak a lot at citizen level. We are working in various counties to just make sure that citizens are aware of what they are supposed to be doing, what their responsibilities are, what their rights are,” he said.

But even as panelists discussed the development of a unified EAC Data Governance Policy Framework—to harmonise data protection laws across Kenya, Uganda, Tanzania, Rwanda, Burundi, South Sudan and DRC—and prevent ‘regulatory shopping’ by tech companies, there have been rising concerns  about governments sharing data across borders.

Activists and opposition figures in the region have increasingly alleged that digital surveillance is being used to target journalists, politicians and civil society.