Kenya: Office of the Data Protection Commissioner closed consultation on draft guidance note on processing of biometric data

On 30 May 2025, the Office of the Data Protection Commissioner (ODPC) closed the public consultation, which had been open since 16 May 2025, on the draft guidance note on the processing of biometric data. The draft guidance, prepared pursuant to the Data Protection Act, 2019, and the Data Protection (General) Regulations, 2021, outlines the lawful bases and compliance requirements for biometric data processing in both public and private sectors. It specifies regulatory obligations, including registration, duty to notify, privacy by design and default, and transfer and localisation safeguards, as well as the obligation to report biometric data breaches. Furthermore, it defines requirements for Data Protection Impact Assessments (DPIAs) for high-risk biometric processing and enumerates data subject rights including access, rectification, erasure, and portability. The guidance serves as a national compliance framework supporting lawful, transparent, and secure biometric data processing in Kenya.