Kenyan courts crack the whip on tech giants

The Employment and Labour Relations Court in Nairobi ruled recently that Facebook's parent company Meta had a case to answer over alleged labour and human rights violations committed by one of its contractors in Kenya.

In the landmark ruling delivered by Justice Jacob Gakeri, Meta failed to have its name struck out from a legal suit filed by former Facebook content moderator Daniel Motaung, who accuses the company and outsourcing firm Samasource of violating his rights and that of his colleagues.

Mr Motaung accuses Facebook and Samasource of misrepresenting their job description and that the two parties neglected the mental health of content moderators employed to review and remove graphic and disturbing content from the platform.

Meta applied to have the case dismissed on the grounds that Meta Platforms Inc and Meta Platforms Ireland Ltd - Facebook's parent companies - are foreign corporations that are neither resident, domiciled nor trading in Kenya and thus out of the jurisdiction of the Kenyan court.

"To impose the Constitution and laws of Kenya on a foreign corporation would constitute a gross breach of the sovereignty of the laws of the applicant's domicile and an unlawful interference with the exclusive territorial jurisdiction of their respective states," argued Meta in an application filed by law firm Kaplan & Stratton. In his ruling, Justice Gakeri declined to strike out Mr Motaung's petition on the basis that he had not served the court documents to Meta within the appropriate jurisdiction.

The ruling marks a significant turning point in defining the liability of multinational tech platforms that operate in the country with little or no physical presence despite having millions of subscribers and raking in millions of shillings in revenues.

This is the second time in as many years that Kenyan courts are setting the rules on the liability that big tech companies have in Kenya.

In 2021, the High Court ruled that Uber can be sued by drivers for reducing fares on its ride-hailing platform in a five-year case that has since moved to the Court of Appeal.

Milimani Commercial Court Judge Francis Tuiyot declined an application by Uber Kenya seeking to have its name struck out of the suit by Uber drivers, who accused the tech giant of breach of contract in the introduction of discounts on the popular app.

Uber Kenya's failed argument was that it was a different entity from Uber BV, which signed the drivers onto its platform and as such, was not a party to the agreement between the two or liable for any breach of contract.

The rulings come in the wake of increased calls both at home and globally to levy steeper penalties for data privacy violations on social media platforms and to have them pay their fair share of taxes in the markets they operate. Earlier this month, the European Commission adopted a new policy that will see tougher enforcement of the General Data Protection Regulations (GDPR) across the 27-country member bloc.

The regulations were enacted in 2018 and are widely viewed as the most robust form of legislation that seeks to protect users' digital data. Under the new policies, data protection authorities in the EU will have to share on a bi-monthly basis an overview of large-scale cross-border investigations under GDPR.

Authorities will further have to update the EU on the type of investigation involved, the data controller or processor being investigated and any measures taken during the course of the investigation.

This is expected to expedite the investigation and prosecution of offences under GDPR and assist member states to strengthen their legal structures to take on big tech. Ireland's Data Protection Commission (DPC) has in the past year issued tens of billions of shillings in fines to Facebook's parent company Meta over violations of GDPR.

Media reports

Last month, Ireland's DPC fined Meta EUR210 million (Sh28 billion) for GDPR breaches on Facebook, and another EUR180 million (Sh24 billion) for violations on Instagram.

The inquiries concerned two complaints made by an Austrian and a Belgian data subject in relation to Facebook and Instagram respectively on May 2018, the date the regulations became effective.

And in November last year, DPC in Ireland fined Facebook EUR265 million (Sh35.4 billion) following media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the Internet. With Meta reporting $32 billion (Sh4 trillion) in revenues for the fourth quarter of last year, authorities in Ireland, Italy, France, Germany and other countries in the EU are hoping the fines will cause enough pain to encourage compliance.

Kenya's Data Protection Act, 2019 is modelled on GDPR, and the EU is among the leading development partners offering support to the recently established Office of the Data Protection Commissioner.