Kenya’s plan to sell data collected via eCitizen and other State agencies is opening a new debate about the value of information in the digital economy and the limits to what public institutions can do with it.
At the centre of the proposal is a planned data marketplace where businesses, researchers, investors and innovators would be able to access datasets generated by government agencies.
The proposal comes at a time when countries around the world are increasingly treating data as an economic asset. Yet that information is unlike other government resources because much of it originates from citizens.
This raises questions about privacy, ownership and whether information collected for public service delivery can later be commercialised.
Kenya’s data protection laws draw clear boundaries around what can and cannot be sold. While some government datasets may be commercially valuable, others are legally protected because they contain information that could identify individuals.
Understanding these distinctions is key to understanding how the proposed marketplace would operate and the safeguards it would require.
Why does the State want to sell data?
Officials argue that vast amounts of information collected by the State remain under-utilised despite having significant economic value. By making some of this data available at a fee, the government hopes to generate revenue while supporting innovation and evidence-based decision-making.
What is the difference between personal and non-personal data?
Personal data refers to information that can identify a living individual either directly or indirectly. This includes names, identity card numbers, phone numbers, email addresses, biometric records, photographs, location information and financial details. Even where a person’s name is removed, data may still be considered personal if it can reasonably be linked back to a specific individual.
For example, information showing that a particular person owns a vehicle, received government benefits, paid taxes or visited a health facility would generally fall within the category of personal data.
Non-personal data, on the other hand, is information that does not identify any individual. It is usually aggregated, anonymous or statistical in nature. Examples include county-level agricultural production figures, average household income trends, road traffic volumes, electricity consumption patterns, rainfall statistics and sectoral economic performance data.
Why can’t the government sell personal data?
Kenya’s Data Protection Act places strict limits on how personal information can be collected, processed, shared and transferred.
Government agencies typically collect personal information for specific purposes such as issuing identity cards, processing taxes, delivering healthcare, providing education services or administering social programmes. The law generally requires that personal data be used only for the purpose for which it was collected unless another lawful basis exists.
Selling citizens’ personal information would likely violate several core principles of data protection, including purpose limitation, fairness and lawful processing.
The Kenyan Constitution also guarantees the right to privacy, including the right not to have information relating to one’s private affairs unnecessarily revealed.
Allowing the commercial sale of personal information could expose citizens to profiling, discrimination, financial fraud, identity theft and unwanted surveillance. It could also undermine public trust in government systems, making people less willing to share information needed for service delivery.
For these reasons, personal data is generally treated as a protected asset belonging to the individual rather than a commodity that can be freely traded by the State.
Why can’t some economic data be sold?
Not all non-personal data can be commercialised.
Under Kenya’s Access to Information Act, public bodies are required to provide citizens with access to information held by the State, subject to specific exemptions.
Information relating to public finances, government programmes, public contracts, environmental matters and economic performance is often expected to be publicly accessible because it supports transparency and accountability.
How will people’s privacy be protected?
The government’s plans are expected to rely heavily on anonymisation and aggregation.
Anonymisation involves removing or altering information that could identify a specific person. Aggregation involves combining data into broader categories so that only trends and patterns are visible.
The Office of the Data Protection Commissioner would be expected to oversee compliance with the Data Protection Act and ensure that any datasets released through the marketplace meet legal requirements.
The participants in the data market will also be heavily supervised to ensure proper use of the data obtained from the marketplace and that only anonymised data is obtained.
Who owns government-held data?
One of the emerging questions is whether data collected from citizens belongs to the government, the individual or both.
Current data protection laws recognise that individuals retain rights over their personal data even when it is held by public institutions. Governments act as data controllers or custodians rather than outright owners of personal information.
Non-personal data, however, is not well-defined legally. Governments often argue that aggregated datasets generated through public administration are public assets that can be used to support economic development. But there’s no clarity on whether citizens should claim ownership to the data and whether they should be paid for it.
What are the benefits and risks of a government data marketplace?
Proponents argue that selling non-personal data could unlock economic value from information that currently sits unused in government databases. Businesses could make better investment decisions, researchers could generate new insights and technology companies could develop innovative services.
Critics, however, warn that weak safeguards could create privacy risks, encourage excessive data collection or blur the line between public service delivery and commercial exploitation.
The success of the plan will need a clear demonstration by the government that personal information will remain protected, citizens’ rights respected and commercially valuable datasets shared without compromising privacy or public trust.
Has this happened in other countries?
Yes, governments like the United Kingdom, the United States, and Singapore have long recognised that public-sector data has economic value. In these countries, the trend has been making more government data freely available as open data while charging for specialised products, real-time access or value-added services.