By Ongaga Ongaga
The Computer Misuse and Cybercrimes Act is largely constitutional, the Court of Appeal of Kenya has ruled, dismissing most claims challenging the law.
In a judgment delivered by Justices Patrick Kiage, Aggrey Muchelule and Weldon Korir, the appellate court rejected arguments that the law violated constitutional rights.
The judges dismissed claims of unconstitutionality raised by the Bloggers Association of Kenya (BAKE) in an appeal challenging an earlier High Court decision that had upheld the legality of the Act.
BAKE had filed the appeal on 42 grounds against a High Court judgment delivered on February 20, 2020 by Justice Onesmus Makau, who had ruled that the Act was constitutional.
In the appeal, the bloggers’ association challenged up to 24 sections of the law, arguing that several provisions violated constitutional rights, including the right to privacy.
One of the contested provisions was Section 50 of the Act, which allows investigative authorities—through a court order—to compel service providers to disclose subscriber information and traffic data during cybercrime investigations.
BAKE and supporting respondents argued that the section violated the right to privacy under Article 31 of the Constitution and failed to meet the limitation standards set out in Article 24.
However, the respondents—including the Attorney General of Kenya, the National Assembly of Kenya, the Inspector General of Police and the Director of Public Prosecutions—argued that the provision is necessary for investigating cybercrime and includes adequate safeguards.
In their ruling, the appellate judges said they were satisfied that the provision “serves a legitimate and important objective.”
They added that it aligns with the Constitution and is “rationally related to the aim of the Act,” noting that it contains sufficient judicial oversight to ensure that any limitation of privacy rights remains reasonable.
The court also dismissed concerns about provisions allowing security agencies to collect real-time traffic data for up to six months during cybercrime investigations.
“The length of the period may be necessitated by the kind of crime under investigation. The fact that the collection will be over a length of time does not itself render the provision unconstitutional,” the judges ruled.
On claims that police could obtain information without a court order, the bench acknowledged the concerns but noted that certain situations require urgent action.
“In the circumstances, we do not find merit in the appellant’s argument that all investigative steps should be preceded by the issuance of a court order,” the judges stated.
However, the court partially allowed the appeal by declaring Sections 22 and 23 of the Act unconstitutional.
The two provisions criminalized the publication of alleged false information.
According to the judges, the sections were too broad and risked targeting innocent individuals.
“In the end, this appeal partially succeeds to the extent that we find Sections 22 and 23 of the Act unconstitutional for being too broad to the extent that they are likely to net innocent persons,” the bench ruled.
Apart from this variation, the court dismissed all other grounds of appeal.