Kenya: Office of the Data Protection Commissioner adopted guidance on processing of children's data

On 6 November 2025, the Office of the Data Protection Commissioner (ODPC) adopted the guidance note on the processing of children’s data. The guidance issued pursuant to the Data Protection Act, 2019, and the Data Protection (General) Regulations, 2021, provides a framework for lawful and fair processing of personal data relating to individuals under eighteen years. It outlines obligations for data controllers and processors in both public and private sectors, addressing lawful basis and parental consent, verification of parental authority, and mechanisms for age verification. The guidance also defines safeguards for processing sensitive data, promotes data minimisation, accountability, and privacy by design and by default, and requires data protection impact assessments for high-risk activities. It further includes provisions on online data protection, retention, and deletion, transparency, and breach notification to ensure that all processing is conducted in the best interests of the child.