This blog post aims to highlight the critical issues surrounding digital health in Kenya and the urgent need for a robust legal framework to protect human rights in the digital age.
By Olendo Obondo
KELIN collaborated with Privacy International (PI), The Digital Health and Rights Project (DHRP), ICJ-Kenya, Haki Na Sheria Initiative, and STOPAIDS to make a joint submission to the United Nations Committee on Economic, Social and Cultural Rights hereinafter, UN CESCR during the 49th Pre-session held in Geneva Switzerland between 18th to 21st February 2025.
These partner organizations have observed, individually and collectively, the increasing digitalization and use of technologies such as smart phones, laptops and even within the Digital Health initiatives and its negative impact on human rights, in the delivery of social security and healthcare in Kenya Two representatives from KELIN and PI raised concerns regarding upholding the right to health in the context of the digital transformation in the health sector, which concerns Articles 2 and 12 of the International Covenant on Economic, Social and Cultural Rights and these were some of the issues raised:
- Digital Health Initiatives & Legislation
The Kenyan government and private sector have implemented digital health initiatives such as the Digital Health Act and Kenya Digital Health Strategy 2025-2028, but these have been deployed across the country in an ineffective and fragmented regulatory environment. Prior to 2023, there had been no specific legislation on digital health. There has been weak enforcement of the Data Protection Act 2019 in relation to processing of personal health data. The Digital Health Act, which was passed in 2023, had been declared unconstitutional by the Kenyan High Court in July 2024 due to lack of public participation and violation of constitutional provisions. The High Court’s decision was subsequently appealed by the Cabinet Secretary for Health. Following this appeal, the Court of Appeal granted a stay of the High Court’s decision, allowing the interim implementation of this law pending the outcome of the appeal.
- Surveillance of Women and Girls Living with HIV
A 2023 study by KELIN found that HIV index testing negatively impacts access to sexual and reproductive health services among young women and girls in Kisumu County. Participants noted a lack of training in data privacy and data security issues among healthcare providers, and concerns about involuntary disclosure of HIV status and confidentiality breaches.[1]
- Safe Access to Accurate Sexual and Reproductive Health Information
Despite the rise of technology-based tools for accessing sexual and reproductive health information online, concerns remain around the accuracy of the information being shared as well as privacy and confidentiality when such tools are used, including in relation to how the personal data of those seeking information online will be used and shared. Expansive data processing activities resulting from the use of such tools can lead to heightened risks to users’ privacy, which in a context where we have criminalization of sexual and reproductive healthcare such as access to safe abortion, the risk is further heightened.
- National Digital Identity Systems
Privacy International (PI) raised concerns about Kenya’s National Digital Identity Systems and their impact on the right to social security and an adequate standard of living. The Huduma Namba project, introduced in 2018, aimed to create a centralized database (NIIMS) but faced criticism for lacking public consultation and adequate safeguards, leading to the exclusion of vulnerable communities. In 2020, the Kenyan High Court halted the project until a proper regulatory framework was established.
In 2023, the government introduced the Maisha Namba, an identity ecosystem with four components: Maisha Namba, Maisha Card, Digital ID, and the National Population Master Register. However, this new system also faced issues, including inadequate regulation of personal data processing and safeguards against misuse. The system’s flaws risk excluding individuals from social protection programs and entrenching inequality, violating fundamental rights under the ICESCR. PI recommends that Kenya reviews the Maisha Namba system to ensure it aligns with human rights obligations and adopts safeguards to prevent exclusion and data misuse.
Recommendations:
In our written briefing to the Committee, we suggested further recommendations to the Kenyan government to address the above concerns.
We recommended that the Kenyan government adopt an effective legal framework to guarantee a human rights-based approach in the design and deployment of digital health technologies by the government and non-state actors, with meaningful participation of affected communities. Specifically, by implementing the Digital Health Act 2023.
We also recommended that steps are taken to ensure the necessary protections mentioned above are in place for all, women and girls, persons living with HIV, and young people, to access sexual and reproductive health information and services safely and securely.
Finally, we recommended the adoption of a strong regulatory framework to protect the confidentiality and privacy of their data and health status, including through the effective implementation of the Data Protection Act, 2019.
[1] https://acrobat.adobe.com/id/urn:aaid:sc:EU:7f06912a-dfe0-4b01-b3d5-68afd0b23d6b
