In a data privacy notice, the Erastus Ethekon-led commission
said the arrangements are lawful, necessary for election management and
protected under data protection laws.
The commission’s explanation comes amid heightened political
pressure and allegations by opposition leaders that collaboration between the
IEBC and government agencies could compromise the integrity of the 2027 General
Election.
In the newly released privacy framework, the IEBC details
the circumstances under which it shares personal data collected from voters,
candidates, election officials, and other stakeholders.
The commission says data may be shared with government
agencies such as the National Registration Bureau, Civil Registration Services
and the Directorate of Immigration Services.
The primary aim, the IEBC says, is identity verification and
the maintenance of an accurate voter register.
The commission adds that certain information may be
disclosed to law enforcement agencies where required by law.
A case in point was in 2013 when the IEBC worked with
agencies for a forensic analysis of Kethi Kilonzo's private documents,
including her ID and passport.
Contracted service providers involved in election technology
and logistics may also access the data under strict confidentiality agreements.
The IEBC insists that the arrangements are routine and
grounded in the law.
“IEBC processes personal data lawfully under constitutional
and statutory obligations,” the commission said, adding that all information is
safeguarded.
In February, DP leader Justin Muturi accused the IEBC of
entering into a ‘secret’ Memorandum of Understanding with the Office of the
President, alleging that the arrangement could expose voter data to
manipulation.
Muturi claimed the IEBC top officials’ meetings with the
National Registration Bureau could be used to influence the election through
manipulation of national identity records.
The Democratic Party leader demanded immediate disclosure of
any data-sharing agreements between the IEBC and state agencies.
He also called for the electoral body to withdraw from any
joint task forces that could undermine its independence.
At the time, the IEBC strongly denied the allegations,
insisting that its engagement with agencies such as the National Registration
Bureau was limited to legally mandated verification exercises.
It said the exercises were intended to clean up the voter
register by identifying duplicate records and removing deceased persons.
The commission maintained that it retains exclusive custody
and control of the voter register.
However, the issue has refused to fade from public debate,
especially amid opposition leaders’ concerns.
The IEBC holds sensitive biometric data, including
fingerprints, facial images and iris scans collected during voter registration.
For critics, while inter-agency cooperation may be legally
permissible, there is a need for detailed public disclosure on how data is
accessed, shared and protected.
By April, Muturi and his colleagues had intensified their
push for reforms. They called for a forensic audit not only of the voter
register but also of the population master register.
The IEBC, however, said data-sharing arrangements are
standard administrative procedures.
It reiterated its commitment to conducting credible
elections and complying with constitutional obligations.
Under the commission’s framework, contractors and service
providers who access voter information are required to operate under strict
confidentiality and non-disclosure agreements.
The electoral body also insists it does not sell, lease, or
commercially exploit personal data under any circumstances.
The renewed scrutiny now places pressure on the IEBC to not
only defend the legality of its data-sharing practices.
