The right to privacy is considered a fundamental right and is protected in law across the world including Kenya as is detailed in the Bill of Rights. It denotes “that are of individual autonomy in which human beings strive to achieve self-realization alone or together with others.” The UN Human Rights Special Rapporteur on Freedom of Expression has presented privacy as the ability of individuals to determine who holds information about them and how that information is used.

As for the UN Human Rights Committee, privacy, as envisioned in the International Covenant for Civil and Political Rights, refers to “a sphere of a person’s life in which he or she can freely express his or her identity, be it by entering into relationships with others or alone.” The right to privacy encompasses information privacy, bodily privacy, privacy of communication, territorial privacy, and surveillance.

Numerous Kenyan HRDs have raised concerns about their mobile phones being tapped and their communication intercepted.5 Due to the negative implications on their security and that of their family, these experiences have had a chilling effect on the exercise of their rights and freedoms of expression, association, and assembly. It is essential to ensure that HRDs are not the subject of unlawful surveillance practices and that they are able to do their work without fear of snooping by anyone is of paramount importance.

Due to the constitutional and statute-based protection of private communications in Kenyan law, lawful surveillance must meet minimum standards provided in law necessary in a democratic society to achieve a legitimate aim. Individuals must be protected against arbitrary interference with their right to communicate privately. When a government wishes to conduct communications surveillance, it must only be done in accordance with the law7. In CORD v Attorney General (supra) it was held that “…surveillance in terms of intercepting communication impacts upon the privacy of a person by leaving the individual open to the threat of constant exposure. This infringes on the privacy of the person by allowing others to intrude on his or her personal space and exposing his private zone.”

This report analyses the needs, concerns, and areas of interests for HRDs in relations to privacy, data protection, and communications surveillance. It also establishes how surveillance impacts HRDs work and their role as actors of change in society. Human rights work demands the use of communication tools ranging from face-to-face, traditional communication mediated tools like telephone and now, digital tools. All these provide varying degrees of risk, which are also specific to the work the HRDs are engaged in, as well as contexts. Examining the risk levels based on these specifics as well as finding the best-suited measures will be important for continued HRDs protection. Lastly, the report offers recommendations to various actors including HRDs to assist them in the development of intervention and advocacy strategies.

Key findings:

The report captures a number of findings a:

• HRDs have high level of awareness of a number of aspects of communication surveillance, and the threats they pose to their work.

• There are various sources of information surveillance with hackers and scammers perceived as the most likely source followed by the intelligence service, and telecommunications and Internet service providers. Other sources identified include criminals, employers, friends, private companies, and families.
• HRDs perceive corporates and security forces as the ones trying to access their information, including through using friends and family members to monitor and collect information on them.
• Majority of HRDs believe that they have already been under communication surveillance because of their work. This includes through phone tapping and hacking of their social media and email accounts.
• HRDs are aware of behaviours that may put them at risk of surveillance and most have taken measures to reduce them. Face-to-face communication is perceived as the most secure in the survey; sending email and SMS without encryption are perceived as least secure.
• The most common ways that HRDs secure their communication gadgets include use of passwords which they change regularly, customising privacy settings to limit what data the cookies can access; views on social media, regular password changes, regular check of information to be collected, and use of different communication tools. Reluctance to accept phones and computer donations, securing and disguising footprints were also ratedhighly. HRDs are also exercising a lot of caution in what they share online.

• HRDs are concerned about the safety and privacy of their personal and work related information. However, there are varying outcomes on the different apprehensions with gaps between concerns about online surveillance and the actual practice of information sharing.

• Majority of the HRDs though aware of the Data Protection Act are not well acquainted with its provisions and implications, including the role of the Data Commissioner.

• Majority are concerned that the data collected as part of measures to address COVID-19 pandemic is not in safe hands of the government or corporates.

• HRDs are suspicious of the biometric data collected by the National Integrated Information Management System (NIIMS) or huduma number.