Kenya’s Computer Misuse and Cybercrimes Act makes it an offence, in Section 27, for a person to communicate with another a message that they know or ought to know would cause the recipient fear; is indecent or offensive in nature; or would detrimentally affect the recipient. This offence carries a penalty of either a 20 million shilling fine or a 10-year term of imprisonment or—discretionarily—both. While the offence is termed ‘cyber-harassment’, its wording appears to exclude a number of offences that would count as cyber-harassment such as cyber-stalking, doxing or impersonation. In fact, its wording is vague and overbroad, using undefined terms such as ‘detrimentally affect’ which require subjective interpretation. Cyber-harassment laws constitute a limitation on the freedom of expression and as such, ought to conform to the limitations of human rights test as provided in Article 24 of the Constitution. Where the aim sought is legitimate in a democratic society and other conditions such as legality are met, this limitation is valid. This paper reviews Kenya’s law that was recently upheld by the High Court in Bloggers Association of Kenya (BAKE) v Attorney General & Three others; Article 19 East Africa & another and finds that it fails to meet the limitations test prescribed under Article 24 of the Constitution. It argues that Section 27 of the Computer Misuse and Cybercrimes Act is therefore overbroad and has the potential to be used as a tool for the unconstitutional suppression of legitimate criticism.
