Kenya’s proposal to monetise non-personal data collected through eCitizen and other State systems should not be treated as a routine revenue measure. It is one of the most important digital governance questions facing the country today.
At first glance, the idea appears reasonable. The government holds large volumes of information that could support research, planning, investment, innovation, and better public services. Properly governed, public-sector data can help universities study social trends, counties plan infrastructure, businesses understand markets, and innovators build solutions in health, transport, agriculture, education, and finance.
Kenya should not fear a data economy. But it must not build one by weakening the very trust that makes digital government possible.
The State holds data because citizens are required to interact with it. People submit information to apply for passports, register businesses, pay taxes, renew licences, seek public services, access education, interact with health systems, and comply with the law. This is not the same as a customer voluntarily giving information to a private platform. Public data is collected under authority, necessity, and trust.
That distinction matters. The government may hold public data, but it does not morally own the trust under which citizens provide it.
Why public data must be treated with caution
The phrase “non-personal data” may sound reassuring, but it should not end the debate. Names, ID numbers, and phone numbers may be removed, yet datasets can still reveal patterns about communities, income levels, movement, health demand, business activity, education access, land use, public service dependency, or regional vulnerability. When such data is combined with other datasets, especially in the age of artificial intelligence and advanced analytics, the line between anonymous and identifiable can become thin.
This is why Kenya must avoid the dangerous assumption that anonymisation alone is governance. It is not. Anonymisation is a technical control. Governance is a wider system of law, ethics, oversight, accountability, security, public participation, and enforcement.
A public data marketplace should therefore not begin with the question: how much money can the government raise? It should begin with harder questions. Which datasets will be shared or sold? Who will access them? Who will approve the release? What risks will be assessed? What data should never be commercialised? What role will the Office of the Data Protection Commissioner play? How will misuse be detected? What penalties will apply? How will citizens know that their information has not been converted into a commercial asset without adequate safeguards?
These questions are not academic. They go to the heart of digital trust.
Victoria Fakiya – Senior Writer
Techpoint Digest
Stop struggling to find your tech career path
Discover in-demand tech skills and build a standout portfolio in this FREE 5-day email course
eCitizen is no longer just a website. It is becoming part of Kenya’s digital public infrastructure. When citizens use it, they are not merely clicking through an online service; they are entrusting the State with their identities, payments, applications, records, and transactions. If that trust is weakened, the damage will go beyond one platform. It will affect confidence in digital government itself.
Guard rails for operating public data marketplace
Kenya must therefore establish firm principles before any public data marketplace becomes operational.
First, there must be full transparency. The government should publish a clear inventory of datasets proposed for sharing, sale, or licensing. Citizens should know what categories of data are involved, where the data came from, how it was processed, who may access it, and for what purpose.
Second, every dataset should undergo independent privacy, cybersecurity, and re-identification risk assessment before release. Some data may appear harmless in isolation but become sensitive when combined with other sources. This is especially true for datasets involving health, education, taxation, identity, land, mobility, social protection, public payments, and vulnerable groups.
Third, the Office of the Data Protection Commissioner must have a central and visible oversight role. A public-sector data marketplace cannot be credible if data protection is treated as an afterthought. The ODPC should help define standards, review risk assessments, audit compliance, receive complaints, and enforce penalties for misuse of data.
Fourth, Kenya must define red lines. Not all data that can be monetised should be monetised. Some datasets may be too sensitive, too easily abused, or too closely connected to vulnerable populations. Ethical restraint is not anti-innovation. It is part of responsible innovation.
Fifth, access should be tiered and fair. Universities, counties, public-interest researchers, start-ups, civil society organisations and large corporations should not be treated as if they carry the same risk or pursue the same purpose. Public-interest research should not be priced out of reach, while commercial users should face strict licensing, audit, and liability obligations.
Sixth, revenue should not be the main measure of success. If revenue becomes the dominant objective, the government may be tempted to release more data than is wise. The better measure is public value: better planning, stronger services, improved research, responsible innovation, reduced duplication, and evidence-based policymaking.
This debate should not be reduced to a contest between innovation and privacy. Kenya needs both. It needs data-driven planning, but also citizen protection. It needs research and innovation, but also accountability. It needs revenue, but not at the cost of public trust.
Kenya has already shown that it can digitise public services at scale. The next test is whether it can govern the data generated by that digitisation with wisdom.
A trusted data economy will not be built by selling what citizens submitted in good faith. It will be built by proving that Kenya can turn data into public value without turning citizens into raw material for revenue.
About the Author
George Kariuki is an ICT and cybersecurity professional with experience in IT support, digitisation, information security, digital governance, and institutional technology systems. His writing focuses on digital trust, cybersecurity, data protection, responsible innovation, and the governance of digital public infrastructure.
