STRENGTHENING KENYA’S DIGITAL CIVIC SPACE: YOUTH-INFORMED POLICY BRIEF

Download policy

Cyber Rights Campus Connect – The Youth Café

KEY MESSAGES

  1. Youth at the Center of Digital Rights Reform
    Kenya’s young people are both the most vulnerable to online harms and the most critical actors in shaping a safer, rights-respecting digital future.

  2. Urgent Gaps in the CMCA 2018
    Sections 27 and 37 of the Computer Misuse and Cybercrimes Act (2018) address cyber harassment and wrongful distribution of intimate images but remain inadequately enforced, vague in scope, and insufficiently adapted to emerging threats such as deepfakes and AI-generated content.

  3. Digital Transformation Brings New Opportunities—and Risks
    The rise of AI and Digital Public Infrastructure (DPI) creates immense potential for youth empowerment, innovation, and democratic participation, but also poses risks of misinformation, privacy breaches, and digital exclusion.

  4. Youth-Led Insights Driving Policy Change
    The Cyber Rights Campus Connect initiative engaged over 1,000 youth through on-site and online dialogues, producing actionable, youth-informed recommendations now ready for parliamentary consideration.

  5. Call for Multi-Stakeholder Action
    Effective reform requires collaboration among government, tech platforms, academic institutions, and civil society to strengthen enforcement, enhance awareness, and promote equitable access to digital spaces.

  6. Commitment to a Safer Digital Civic Space
    Implementing these recommendations will enhance legal protection, build digital literacy, and create a more inclusive environment where all Kenyans, especially youth, women, and marginalized groups, can safely participate online.

INTRODUCTION

This youth-informed policy brief, developed under the Cyber Rights Campus Connect initiative by The Youth Café in partnership with KICTANet and Internews, highlights critical gaps in Kenya’s digital governance. Emerging from a policy hackathon held on 16th May 2025 during the Africa Tech Policy Summit (AfTPS), the initiative aimed to empower human rights defenders and organizations to co-create policy innovations and align Kenya’s digital policies to address online safety, data protection, and content moderation challenges.

The project engaged university students and experts to address limited awareness of the Computer Misuse and Cybercrimes Act (CMCA) 2018—particularly Sections 27 (cyber harassment) and 37 (wrongful distribution of intimate images). Findings reveal widespread misinterpretation, leaving young people—especially women and marginalized groups—vulnerable to harassment, cyberbullying, and online exploitation.

Kenya’s vibrant digital landscape is undermined by misinformation, weak enforcement, and inadequate safeguards. While the CMCA was introduced to strengthen online protections, its vague wording and enforcement gaps diminish its effectiveness. Meanwhile, rising AI technologies, deepfakes, and digital public infrastructure bring both opportunities and heightened risks of privacy violations, exclusion, and algorithmic bias.

The initiative calls for reforms grounded in constitutional rights, strengthened legal clarity, broader awareness, and inclusive redress mechanisms. Central to this effort is meaningful youth participation—ensuring that students and young professionals are not only protected but empowered to shape Kenya’s digital future.

PROBLEM OVERVIEW

Young Kenyans engaging in digital civic discourse face rising threats from harassment, cyberbullying, and non-consensual intimate image distribution. Limited understanding of CMCA 2018 leaves many vulnerable—both as victims and unintentional offenders. Section 27 and Section 37 are frequently misinterpreted, while the law lacks specific safeguards for vulnerable groups such as children, persons with disabilities, and gender minorities.

Legal experts and digital rights advocates highlight key concerns: vague language, potential misuse to suppress free expression, inadequate penalties, and the absence of guidelines for takedown processes. The Act also does not address pseudonymous accounts and fake profiles that facilitate harassment and misinformation.

Comparative analysis across other Commonwealth jurisdictions—such as the UK, Australia, and Canada—reveals more robust legal responses, including stronger penalties, rapid takedown systems, and explicit recognition of synthetic media and deepfakes. Kenya’s absence of statutory recognition for emerging threats increases citizen vulnerability to advanced forms of digital abuse.

KEY FINDINGS AND YOUTH-INFORMED RECOMMENDATIONS

1. Strengthen Awareness Campaigns

The discussions emphasized addressing the knowledge gap that exposes youth to digital abuse or leads them to unintentionally become perpetrators. Awareness of rights and responsibilities is central to safe online engagement. With strong student participation both on-site and online, the initiative demonstrated youth leadership in informing policy proposals now being prepared for parliamentary submission.

2. Strengthening the CMCA 2018

Mandatory Takedown Procedures
– Establish clear legal procedures for swift removal of harmful content, especially non-consensual intimate images.

Criminalize Deepfakes and AI-Generated Content
– Introduce offenses targeting malicious use of AI-altered images, deepfakes, voice synthesis, and similar tools.

Strengthen Penalties
– Increase penalties to reflect the seriousness of cybercrimes.

Address Pseudonymous Accounts
– Develop accountability frameworks for crimes committed using anonymous or fake profiles.

3. Improving Enforcement and Redress Mechanisms

Capacity Building
– Enhance DCI and NCCIC capabilities in AI forensics and digital investigations.

Clear Reporting Channels
– Establish user-friendly reporting portals and hotlines for different cybercrimes.

Victim Support
– Provide psychological counseling, legal aid, and rapid redress structures.

4. Fostering Multi-Stakeholder Collaboration

– Establish a permanent Youth-Digital Policy Lab in partnership with KICTANet.
– Formalize collaboration between universities, DCI, and ODPC to support youth engagement and expert-driven policy dialogues.

5. Capacity Building

– Implement regular training, bootcamps, and workshops on digital rights and cybersecurity.
– Strengthen institutions such as ODPC and DCI to better respond to youth-driven digital rights issues.
– Support youth access to AI and cybersecurity tools to counter emerging threats.

6. Policy Advocacy

– Develop a national youth digital advocacy strategy.
– Ensure youth representation in parliamentary committees and digital governance bodies.
– Provide grants to youth organizations working on digital rights.
– Establish M&E frameworks to track implementation of CMCA reforms.

CRITIQUES OF CMCA KEY PROVISIONS

Section 27 – Cyber Harassment

Strengths:
– Recognizes online harassment as a criminal offense.
– Allows courts to issue protection orders and require electronic data disclosure.

Weaknesses:
– Vague language (“annoyance,” “inconvenience,” “distress”) creates legal uncertainty.
– Risks misuse against journalists, bloggers, and activists.
– Lacks clear criteria defining digital harassment.

Section 37 – Wrongful Distribution of Intimate Images

Strengths:
– Recognizes harm caused by non-consensual intimate image sharing.
– Offers protections particularly relevant to women and girls.

Weaknesses:
– Penalties are too low to deter offenders.
– Does not address threats, deepfakes, or manipulated content.
– Lacks mechanisms for expedited takedown of harmful material.

KEY RECOMMENDATIONS

1. Redraft Sections 27 and 37

Refine definitions, protect legitimate expression, introduce provisions targeting synthetic media, and ensure intentional misconduct is clearly identified.

2. Introduce Civil Remedies

Enable urgent takedown orders, compensation for victims, and accessible non-criminal pathways for justice.

3. Nationwide Awareness Campaigns

Roll out large-scale digital rights education focusing on youth spaces such as universities and community hubs.

4. Establish an Independent Digital Safety Commission

Modelled after Australia’s eSafety Commissioner—responsible for victim support, compliance oversight, and national education.

5. Youth Engagement in Policymaking

Include youth organizations in committees, consultations, and policy working groups.

6. Enhance Cross-Border Cooperation

Ratify key instruments such as the Budapest Convention to strengthen global cybercrime response.

7. Mandate Platform Accountability

Require platforms to respond promptly to takedown requests, enhance content moderation, and cooperate with law enforcement.

CONCLUSION

Kenya is at a pivotal moment in defining a safe, inclusive digital future. Despite progress through the CMCA (2018), significant gaps persist—particularly in adapting to technologies such as AI and deepfakes, strengthening enforcement, and safeguarding youth and marginalized groups.

The Cyber Rights Campus Connect initiative demonstrates the central role of youth in identifying challenges and proposing actionable reforms. By adopting these recommendations, policymakers can modernize digital governance, uphold constitutional rights, and build a civic space where innovation, safety, and participation thrive.