The Communications Authority of Kenya (CA) has clarified that the Kenya Revenue Authority (KRA) will not have access to citizens’ private data, addressing concerns about possible privacy law violations.
CA Director General David Mugonyi, speaking to the National Assembly's Committee on Communication, Information, and Innovation, highlighted the authority's commitment to safeguarding Kenyans' data even amid new government directives.
Starting January 1, 2025, a new KRA directive mandates all importers and mobile device assemblers to submit International Mobile Equipment Identity (IMEI) numbers as part of a more significant push for tax compliance.
Did you read this?
While this regulation is designed to monitor imported devices, legislators questioned the potential for privacy breaches, expressing concerns that the policy could enable broader government access to personal information.
Dagoretti South MP John Kiarie voiced fears over the potential misuse of IMEI data, suggesting it could discourage digital transactions due to surveillance concerns. He emphasized the need for assurances that citizens’ data remains secure.
In response, Mugonyi assured MPs that the primary aim is to ensure only compliant devices enter the Kenyan market and confirmed that KRA would not gain access to personal data on individuals' devices.
He explained that the IMEI system is designed to validate imported devices and enforce tax compliance without impacting users' mobile transactions.
Mugonyi also clarified enforcement mechanisms, noting that individuals activating devices without settling applicable taxes would receive a notification, while unregistered devices would be blacklisted from connecting to local networks.
A temporary ‘greylist’ would also apply for diplomats and tourists, offering a grace period to comply with regulations.
Tetu MP Geoffrey Wandeto raised questions about CA's capacity to enforce these rules, to which Mugonyi reiterated that the system is focused on enhancing compliance and ensuring safe imports.