Legality on Biometric Restrictions
Balancing technology, privacy, and constitutional rights in Kenya
Biometric data in Kenya is classified as sensitive personal data under the Data Protection Act (2019), anchored in Article 31 of the Constitution of Kenya (2010). Its use requires strict compliance with legal safeguards, consent, and data protection principles.
1. What Are Biometric Restrictions?
- Access control to buildings or systems
- Attendance tracking
- Financial service authentication
- Government identification systems
2. Constitutional Framework
Biometric systems must meet standards of legality, necessity, and proportionality.
Article 31 – Right to Privacy
- Protection from unlawful data collection
- Protection of personal information
- Protection from intrusion into private affairs
Article 27 – Equality
- No discrimination in access to services
- Protection of vulnerable groups
3. Legal Tests for Compliance
✔ Legality – clear legal basis
✔ Necessity – must be essential
✔ Proportionality – not excessive
✔ Consent & Security – properly handled
4. Emerging Legal Concerns
- Mass surveillance risks
- Data breaches & identity theft
- Lack of alternative systems
- Low public awareness
5. Compliance Requirements
- Clear biometric policies
- Proper consent mechanisms
- Transparent privacy notices
- Legal documentation structures
- Respect for human rights
Conclusion
Biometric restrictions are lawful only when they align with constitutional rights and data protection laws. Organizations must balance innovation with accountability to avoid legal liability.
Technology must serve people — not override their rights.