Previously, I have discussed the concept of constitutional statutes. Recall that a constitutional statute is a law that is “enacted in pursuance of the State’s positive obligation to fulfil a constitutional right.” While certain constitutional rights are self-enforcing (such as, for example, the right to free speech ipso facto prohibits the State from engaging in arbitrary censorship), others – by their very nature – require a statutory framework to be made effective. For example, the right to vote cannot be made effective without an infrastructure in place to conduct free and fair elections, including the existence of an independent, non-partisan Election Commission. Insofar as such a legislative framework is not in existence, the state is arguably in breach of its positive obligations to fulfil the right in question. Thus, to refine the definition further, a constitutional statute is a statute that “provides a statutory framework towards implementing a fundamental right, thereby fulfilling the state’s positive obligation to do so.”
What follows from the finding that a particular law is a constitutional statute? On this blog, we have discussed constitutional statutes in the context of amendments to the Right to Information Act, which have sought to undermine the independence of the Information Commissioners. We have argued that, insofar as constitutional statutes stand between the individual and the State, mediating the effective enforcement of rights, legislative amendments that prevent them from fulfilling this function, are thereby unconstitutional. Furthermore, once a constitutional statute has been enacted, the principle of non-retrogression applies – that is, the legislature cannot simply repeal the law and go back to a position where the right in question was unprotected. Another example discussed on this blog is the recent judgment of the Kenyan Court of Appeal in David Ndii, where it was held that the implementation of the Popular Initiative to amend the Kenyan Constitution required a legislative scheme, as also its discussion of the previous judgment in Katiba Institute, where an attempt to reduce the quorum for resolutions of the Independent Electoral and Boundaries Commission was held to be unconstitutional.
The judgment of the High Court of Kenya of 14 October 2021 – also titled Katiba Institute – provides an additional, fascinating implication that flows from the finding that a law is a constitutional statute. Katiba Institute arose out of the efforts of the Government of Kenya to implement a national biometric identification system called NIIMS, and the judgment of the High Court with respect to a challenge to the constitutionality of NIIMS (Nubian Rights Forum), which we discussed on this blog back in 2019. Recall that in Nubian Rights Forum, after a detailed analysis, the High Court struck down a part of NIIMS, and allowed the government to go ahead with the rest of the programme subject to the implementation of an effective data protection law. Therefore, as I had noted in that post:
The High Court’s decision – at least in part – is a conditional one, where the (legal) future of the NIIMS is expressly made dependant on what action the government will take. Thus, there remain a significant number of issues that remain open for (inevitable) litigation, even after the High Court’s judgment.
Notably, Kenya had enacted a data protection law in between the hearings and the judgment, but the High Court – in its verdict – was insistent that until the point of effective implementation, the continued rollout of NIIMS could not go on. And this was at the heart of the challenge in Katiba Institute: the applicant argued that NIIMS had been rolled out, in particular, without complying with Section 31 of the Kenyan Data Protection Act, which required a Data Impact Assessment as a pre-requisite to any data collection enterprise. In response, the state argued that the data collection in question had already been completed before the passage of the Data Protection Act, and that therefore – in accordance with the general principle that statutes are not meant to apply retrospectively – Section 31 was inapplicable to this case.
Engaging in impeccable constitutional statute analysis, Justice Jairus Ngaah noted that the Data Protection Act was “enacted against the backdrop of Article 31 of the Constitution.” Article 31 of the Constitution of Kenya 2010 guarantees the right to privacy. As the learned Justice noted, in its very preamble, the DPA stated that its purpose was to “give effect to Articles 31(c) and (d) of the Constitution.” Justice Ngaah then rightly observed, “The need to protect the constitutional right to privacy did not arise with the enactment of the Data Protection Act; the right accrued from the moment the Constitution was promulgated.”
The judgment of the High Court of Kenya provides an additional, fascinating implication that flows from the finding that a law is a constitutional statute.
It therefore followed that, on the balance, an interpretation that gave the DPA retrospective effect was to be preferred over one that did not. A contrary interpretation would mean that the state was entitled to collect data and infringe the right to privacy even in the absence of a legislative scheme. Or, in other words, having failed to implement its positive obligation to enact a constitutional statute to give effect to the right to privacy, the state could then take advantage of its own failure by nonetheless engaging in data collection enterprises anyway. This, naturally, could not be countenanced. And in any event, given that Article 31 had always existed, it followed that:
. . . there was always the duty on the part of the State to ensure that the Bill of Rights . . . is respected and protected. Section 31 of the Act does not impose any more obligation or duty on the state than that which the state, or the respondents . . . have hitherto had to bear.
On this basis, Justice Ngaah therefore held that NIIMS had been rolled out in breach of Section 31, and therefore, first, quashed the rollout itself, and secondly, issued a mandamus restraining the State from rolling it out again without first complying with Section 31.*
The judgment in Katiba Institute does not, of course, answer the number of questions that still remained to be resolved after the Nubian Rights Forum judgment, including some problematic aspects of the DPA itself. Those questions were not, however, before the court in this instance; on the other hand, the court’s finding that constitutional statutes apply retrospectively – and the reasons for that finding – make it a landmark judgment. Katiba Institute adds to the growing comparative discussion around constitutional statutes, Fourth Branch bodies, and “Guarantor Institutions”, and therefore ought to be keenly studied by students of comparative constitutional law.
* One cannot, of course, help comparing this with the judgment of the Indian Supreme Court in the Aadhaar case, where despite the fact that Aadhaar data was collected for more than five years without any law whatsoever, it was retrospectively validated by the Supreme Court.