By Daniel Kamau
The government’s plan to sell data collected by eCitizen and other state agencies has sparked debate over privacy concerns versus the value of information in the digital economy.
While officials see the initiative as a new frontier for Kenya’s digital economy, critics argue that issues of privacy, consent, and the state’s capacity to safeguard citizen data must be carefully addressed.
According to the Ministry of Information, Communications and the Digital Economy, the proposed marketplace would only trade in non-personal, anonymised and aggregated data, excluding information that can directly identify individuals.
The policy, developed under the leadership of Cabinet Secretary William Kabogo Gitau, describes data as a strategic national asset capable of driving innovation, improving service delivery, and generating economic value.
The Draft Final National Data Governance Policy, published in May 2026, aims to establish a government-regulated platform where companies, researchers, innovators, and non-governmental organisations can access and purchase datasets generated from public services and government functions.
“Data is no longer merely a by-product of transactions or administration,” the Cabinet Secretary states in the policy’s foreword. “It is a strategic national asset that can strengthen governance, improve service delivery, promote innovation, and accelerate inclusive socio-economic transformation.”
Under the proposal, datasets that could be made available include traffic movement patterns, regional agricultural production statistics, business registration trends, immigration and passport application volumes, and county-level demand for public services.
To implement the initiative, the government plans to establish the National Data Governance and Emerging Technologies (DGET) Council, which would oversee the platform.
However, the proposal has raised concerns among privacy advocates and digital rights experts, who question whether citizens have provided consent for the commercialisation of their data.
The draft policy acknowledges that many citizens are unaware of how personal data is used to produce anonymised datasets for commercial purposes.
Critics argue that despite government assurances that personal information will not be sold, millions of Kenyans who registered on platforms such as eCitizen were never informed that aggregated versions of their data could later be monetised.
Experts have also raised concerns about the risk of re-identification, where anonymised datasets can be combined with other information to reveal individual identities.
Another issue highlighted in the policy is the government’s own assessment of weaknesses in Kenya’s existing data governance framework.
The document notes that enforcement of current data laws remains weak due to unclear institutional responsibilities, limited technical capacity, and penalties that are insufficient to compel compliance.
It also acknowledges the absence of comprehensive accountability mechanisms governing how public institutions handle citizen data, as well as a lack of enforceable remedies when data is used outside its intended purpose.
The draft policy has not yet been approved by Cabinet and would require enabling legislation under a proposed Data Governance Law before the marketplace can become operational.
