The coronavirus, national security and data privacy

Emergency declarations allow expedited response efforts but can be abused

In Summary

• The last time an emergency was declared by the state, it had dire repercussions

Presdient Uhuru Kenyatta addresses the nation on coronavirus at Harambee House, Nairobi
Presdient Uhuru Kenyatta addresses the nation on coronavirus at Harambee House, Nairobi

On March 9, WHO director-general Dr Tedros Ghebreyesus tweeted that collected data from 100 countries confirmed that Covid-19, popularly known as the coronavirus, had reached 100,000 cases. 

The deadly disease is believed to have originated in Wuhan, Hubei Province, China, and spread to other countries and territories. The disease has since grown to nearly 200,000 confirmed cases and 7,000 deaths in over 150 countries and territories.

In the US alone, there have been at least 19 confirmed deaths with 10 states declaring states of emergency. James Hodge, director of the Centre for Public Health Law and Policy at Arizona State University, explains that emergency declarations allow officials at the federal, state, and local levels to mobilise quickly and activate a menu of powers that they can use to respond to a crisis situation. “They allow expedited response efforts in ways that don’t circumvent constitutional protections,” he says. However, how does this hold up against data privacy?


In 1952, a State of Emergency was declared in Nairobi by the then Kenya Governor, Sir Evelyn Baring. The declaration came as a result of political crisis due to the Mau Mau rebellion against British colonial rule and the incarceration of thousands of Kenyans.

The declaration allowed Baring to implement regulations he believed would help restore peace during the time. These included constant surveillance, prohibition of Africans from driving, walking, carrying weapons or travelling around without written permits. It also included the flying of 600 officers from the Lancashire Fusiliers Battalion into Nairobi as part of the reinforcement alongside a battalion of the King’s African Rifles.

The State of Emergency, which lasted until 1959, ended with the death of thousands of Kenyans as well as over 100 being arrested and imprisoned in the northern frontier district prison camps.

When a State declares a state of emergency, the government is empowered to perform certain actions or impose policies that it would normally not be permitted to undertake. A government can declare such a state during times of war, civil unrest, natural disasters or even public health disasters such as the Covid-19. Such declarations are normally meant to alert citizens to change their normal behaviour, while mandating government agencies to implement emergency plans. Does this mean acting outside the law? Sometimes.


While we as a nation have evolved since Sir Baring declared the emergency, we are still bound with our Mau Mau forefathers in terms of our chosen warfare tactics. While they used the thick forest and bushy highlands as camouflage to launch their guerrilla attacks and tactics, we in the 21st century hide behind our keyboards and our phones to launch guerilla attacks onto undeserving (sometimes deserving) suspects in the digital arena. Same dance, different song.

The technological and digital advancement has turned the entire world into a small hut with paper-thin walls called “data privacy laws” that attempt to guard people’s data. However, in times of national security, nothing comes down quicker than these walls.

When data privacy is put up against national security or safety, it will always come second. Privacy is oft thought a luxury, and despite the numerous laboured steps in legislating for data privacy it’s still often treated that way; a disposable asset, nice-to-have, but not essential. Article 31 of the Kenyan constitution provides for the right to privacy by stating that everyone is entitled to privacy which includes the right not to have; their person, home or property searched, their possessions seized, information relating to their family or private affairs unnecessarily required or revealed, or the privacy of their communications infringed.

Additionally, the Data Protection Act (a legislative derivative of the GDPR) strengthens Article 31 by placing restrictions on the use, collection and sharing of an individual’s personal data and in so doing, it attempts to revert power and control of personal data back to an individual.

Other statutes which attempt to provide protection for personal data and privacy include The Kenya Information and Communications Act (2009), which penalises the unlawful interception of communications by service providers, and the Kenya Information and Communications (Consumer Protection) Regulations (2010) which restricts acts such as wiretapping and data monitoring.

However, when a government is in a fight to protect the safety of its citizens, they have oft been known to favour national security over privacy. In pursuit of national security, governments have been known to ignore data privacy by engaging in acts like constant surveillance, collection of private data, GPS tracking and monitoring of its citizens.

During war times or emergency times, the rules of the ‘game’ are different. Reduced privacy might be the difference between being alive and not being alive. A loss of online privacy or constant surveillance might seem too dictatorial, but it could eventually result in a safer and better quality of life in the end. In the Kenyan legal system, privacy rights have been dangerously limited by acts such as the National Intelligence Service (NIS) Act (2012), The Prevention of Terrorism Act (2012), and The Security Laws (Amendment) Act (2014) which give the government-wide powers to limit privacy and personal data collection in the pursuit of security.

There is a fine line between balancing national security and privacy rights. The relationship between the two is dynamic and must be treated as such. On one hand, citizens must be prepared to give up their right to data privacy in return for greater national security while on the other hand, governments must constantly reassess their need to invade their citizens’ personal privacy, in pursuit of national security.