With the rapid industrial revolution and digitization in Kenya and globally, coupled with access to the internet via various devices, children are vulnerable to various risks such as child trafficking, prostitution, child pornography, trafficking, early age exposure to alcohol advertising, cyberbullying and crimes like identity theft. The Communications Authority of Kenya (“CA”), established under the Kenya Information and Communications Act, 1998 (“KICA”) as the regulatory authority for Information Communication and Technology, has undertaken measures to protect children from these risks. For instance, in 2021, the CA launched a three-month campaign aimed at creating awareness to protect children.
Recently, the CA developed draft Industry Guidelines for Child Online Protection and Safety in Kenya (“Draft Guidelines”). These Draft Guidelines are issued pursuant to the KICA (Consumer Protection) Regulations, 2010 (“Consumer Protection Regulations”).
Who is a child under Kenyan law?
A child is defined under the Constitution of Kenya, 2010 and the Children’s Act, 2001, to mean any human being under the age of eighteen years. Under these laws, a child is entitled to protection from any form of abuse, including psychological abuse and any form of exploitation. As indicated above, online access exposes children from various forms of abuse and exploitation. The Draft Guidelines thus seek to ensure that ICT sector players guarantee children with the right to access information whilst protecting them from such exploitation or abuse stemming from the use of ICT services and products.
Who is affected by the Draft Guidelines?
The Draft guidelines will apply to ICT sector players, including licence holders under KICA; product and service providers in the value chain of designing, producing, deploying and use of communication products and services in Kenya; and products and services that target children including children with disabilities.
Of main concern is that, while the Draft Guidelines are developed pursuant to the KICA, their application is arguably extended to entities, products and services which are not governed by the act – normally these regulations should apply to licensed entities under KICA providing telecommunication services or operating telecommunication systems. The generalization of ‘products and services that target children’ leaves room for very broad application.
Obligations under the Draft Guidelines
Licensees, products and services targeted under the Draft Guidelines will be required to implement a corporate child online protection and safety policy and strategy (“Policy”).
The Draft Guidelines briefly highlight the main components to be contained in the Policy including: the structure of personnel and resources to be used in the implementation of the Policy; audit and risk assessment measures; and mechanisms for infusing child online protection and safety issues, risks and opportunities in the design and development of products and services.
Implementation of these Policy components may require sector players to educate parents and children on their rights and duties, and to upskill employees on operationalizing child protection measures. While sector players will incur additional costs as a result, it will help innovation and boost the market for child appropriate products and services.
With the Policy components barely explained, there is a risk of uncertainty in the development of Policies by sector players. It remains to be seen whether the CA will provide comprehensive and explanatory guidelines for the Policy components that will ensure that the objective of the Draft Guidelines is met.
Status of the Draft Guidelines
As part of the legislative process in Kenya, the CA invited comments in respect of the Draft Guidelines from the general public and all interested parties which were to be submitted by April 22, 2022. Based on the comments received, the CA will review and update the Draft Guidelines and where necessary, involve the Ministry of Information Communication and Technology (ICT). Once finalized by the CA, these Draft Guidelines will be published in the Kenya Gazette and consequently come into effect.
Implementation timelines of the Draft Guidelines
Upon publication of the Draft Guidelines by the CA in the Kenya Gazette, ICT service providers subject will have a six (6) month period to implement them. On the other hand, new licensees will have a grace period of six (6) months after obtaining the licence to implement the Draft Guidelines.
Whilst the Draft Guidelines do not provide any penalties for non-compliance, it is likely that once enacted (as currently drafted), the CA will be warranted to issue sanctions based on its mandate under KICA to regulate the ICT sector. Some of the enforcement powers that CA has include payment of penalties, licence revocation and suspension.
We will monitor the development and progress of these Draft Guidelines and provide updates as and when we are able to.