Kenya has passed a new data protection law in the hopes of attracting more foreign technology companies into the country.
The law, which was approved by Kenyan President Uhuru Kenyatta last week, complies with European Union legal standards, placing restrictions on how personal user data can be handled, stored and shared.
“Kenya has joined the global community in terms of data protection standards,” Joe Mucheru, minister for information, technology and communication, told Reuters.
Local firms including Kenya Airways, tourist hotels and phone-based lenders such as Safaricom will now have to comply with the new regulations. If the law is violated, offenders face a maximum fine of 3 million shillings ($29,283) or two years in jail.
“It will come down to implementation and enforcement, but we have been waiting on this for seven years, so it is a start,” said Nanjira Sambuli, a senior policy manager at the World Wide Web Foundation.
In addition, Amazon Web Services announced on November 8 that it will set up part of its cloud infrastructure in Nairobi.
“I’m delighted to welcome AWS’s investment in Kenya. The launch of Amazon CloudFront will put us in the forefront of accelerated innovation – enabling startups, enterprises and our government agencies to focus on building the best user experience,” President Kenyatta said in a statement.
Nairobi will become the third city in Africa to have an AWS location, with the other two in Johannesburg and Capetown. AWS Vice President Teresa Carlson added that the eCommerce giant will also provide training in digital skills, as well as help create jobs for the country’s youth.
In addition to boosting foreign investment, the new legislation will hopefully give a boost to the country’s plans to digitize identity records for its citizens.
“The lack of a data privacy law has been an enormous lacuna in Kenya’s digital rights landscape,” said Nanjala Nyabola, author of a book on information technology and democracy in Kenya.