Assessment of Independence of Regulatory Structures Governing Data Protection and Privacy in East Africa: A Case Study of Kenya and Tanzania

Abstract

In an era of widespread digital information exchange, protecting personal data and privacy has become crucial. East African countries such as Kenya and Tanzania have implemented regulatory structures to address these concerns. However, the effectiveness and independence of these structures raise questions, necessitating a comprehensive assessment. Therefore, this study investigates the question of the independence of data protection authorities in East Africa with a particular focus on Kenya and Tanzania. This study was guided by three questions, namely, do the structures of data protection authorities in Kenya and Tanzania affect their independence? Are the data protection authorities in Kenya and Tanzania sufficiently funded to run their duties? And are the tenures of Commissioners of data protection authorities in Kenya and Tanzania secured? The study engaged two approaches: doctrinal legal research methodology, which analyses law in the form of legislation, case law, and international instruments, as well as comparative legal research methodology, which involves comparative analysis of identified criteria from Kenya and Tanzania. It was observed that the Kenyan data protection authority is more independent than the Tanzanian data protection authority.