Overview of the Kenyan-American Health Cooperation Agreement.
On December 4, 2025, during Kenyan President William Ruto's state visit to the United States, Kenya and the United States signed a five-year health cooperation agreement (often referred to as a Memorandum of Understanding or Agreement). This agreement provides up to US$1.6 billion in funding (with Kenya contributing US$850 million) to support Kenya's efforts to combat HIV/AIDS, tuberculosis, malaria, polio, and emerging infectious diseases. It shifts the focus from NGO-funded assistance to direct government collaboration aimed at modernizing health systems, improving supply chains, and expanding universal health coverage through initiatives such as electronic health records and the Social Health Authority.
An accompanying agreement on the exchange of data and samples has sparked intense debate. Critics argue that it effectively violates Kenya's data privacy rights and legal sovereignty by granting the US unprecedented access to sensitive health data and biological samples. Supporters, including Health Minister Aden Duale, emphasize that the agreement protects privacy through anonymization and is governed exclusively by Kenyan law. Below, I will outline, based on legal analysis and public commentary, the key points where critics see the agreement as undermining privacy and rights.
Critics, including data governance expert Dr. Mugambi Laibuta and whistleblower Nelson Amenya, argue that the agreement exposes Kenyans' most intimate health data to foreign control and transforms national health systems into surveillance tools.
By comparison, in Austria, health data belongs to patients as personal data, which is strictly protected by the GDPR and national regulations such as the ELGA Act – disclosure without consent is generally prohibited.
Patients have the right to access, correct, and delete their data, as well as to restrict access, for example, under the new EHDS Directive, which allows opt-out options for cross-border data sharing.
Patients can request information in writing or verbally, including a free initial copy of their medical records, and object to processing.
Specific concerns include:
The agreement reportedly allows the US to integrate into Kenya's national health information systems in real time. This could expose personal data such as HIV status, tuberculosis treatment histories, mental health records, vaccination data, fertility information, genome sequences, and biometric data.
This could affect millions of people, as Kenya's health databases cover routine care from hospitals in Lodwar to Lamu.
Laibuta warns that this grants the US sweeping and intrusive privileges and increases the risk of data manipulation, extraction, or misuse by third parties, such as pharmaceutical companies.
Kenya is required to share biological samples, sequencing data, and related information on emerging infectious diseases within five days of their discovery. The US can then distribute this data to up to ten entities (e.g., drug developers) without any obligation to return resulting products (such as vaccines or treatments) to Kenya. This circumvents patient consent and could allow Kenyan genetic and health data to be profitably marketed abroad.
Aggregated reports suggest that even “anonymized” data is not foolproof—re-identification techniques could reconstruct personal details. Data on mental health, reproductive health, and chronic diseases are particularly sensitive, as data breaches could lead to stigmatization, discrimination, or targeted surveillance.
In an opinion piece titled “How the Kenyan-American Health Agreement Betrays Our Privacy and the Law,” attorney Gitobu Imanyara describes the agreement as “a complete loss of sovereignty disguised as development aid,” emphasizing that it exposes “your HIV status, your tuberculosis treatment, your mental health history, your fertility issues, your children’s vaccination records, and any disease samples.”
The agreement not only carries the risk of data leaks but, according to Laibuta’s legal opinion submitted to the government, fundamentally challenges Kenya’s legal framework and autonomy. He argues that it must be “significantly renegotiated” to be compatible with Kenyan law.
Among the most significant violations are:
- Constitutional violation (Article 31), as the Kenyan Constitution guarantees the right to privacy, including the protection of personal data and confidential communications. Granting real-time access to health systems to foreign entities directly violates this principle, as health data is considered confidential and may not be disclosed without consent or a clear justification.
- Violation of the Data Protection Act (2019), as this law mandates strict controls on data processing, storage, and transfer and requires oversight by the Office of the Data Protection Commissioner. The sweeping data-sharing obligations in the Memorandum of Understanding expose systems to cybersecurity threats and subordinate Kenyan data sovereignty to US interests without adequate impact assessments or protocols for handling data breaches.
Violations of the Health Act (2017) and the Digital Health Act (2023), as the Health Act declares all records confidential and restricts disclosure to third parties only in cases of consent or legal order. The agreement's sample-sharing and data access clauses disregard these provisions, potentially allowing unregulated data outflows. Furthermore, it undermines decentralized health governance by centralizing control and circumventing county jurisdictions.
Violations of the Health Act (2017) and the Digital Health Act (2023), as the Health Act declares all records confidential and restricts disclosure to third parties only in cases of consent or legal order. The memorandum of understanding will be “interpreted according to US federal law,” which critics consider unconstitutional—it prioritizes foreign regulations over the Kenyan constitution and weakens Kenya’s sovereignty. This could expose Kenya to lawsuits or demands from the US and conflict with multilateral efforts such as the WHO’s pandemic agreement.
Although the agreement is limited to five years, some drafts mention a 25-year period for data/systems integration. This binds Kenya to unequal conditions without exit clauses to protect national interests.
According to Laibuta, these issues pose a threat to national security, as they make critical infrastructure vulnerable to hacking and misuse.
Government and US Assurances
Kenyan officials counter that no personally identifiable information will be shared—only anonymized, aggregated summaries (e.g., of disease trends at the district level) for monitoring the effectiveness of relief efforts, always under Kenyan oversight and with the approval of the Data Protection Commissioner. Duale stated: “Your health data is a national strategic asset. Your privacy, your safety—our responsibility.” The US Embassy affirmed: “The US will not have access to private patient data. The full data-sharing agreement will be published to address the demands for transparency.”
The Agreement Has Far-Reaching Implications and Calls to Action
Civil society groups, legal experts, and online campaigns (e.g., #ProtectKenyaData) are calling for the suspension or revision of the agreement, labeling it “exploitative” in light of global tensions related to the spread of pathogens. Imanyara warns: “This is not a partnership… It is a Faustian pact in which Kenya is trading its most valuable asset—the trust and data of its population—for a minimum of development aid.” If this problem is not addressed, it could negatively impact health behaviors, undermine trust in healthcare systems, and set a precedent for other African states.
In Austria, health data belongs to the patients. According to the GDPR and Austrian law, particularly the ELGA Act, patients have full control over their personal health data. They can view and manage it at any time, log access, and even have references to documents deleted.
This strengthens patient autonomy and ensures that data is processed only with consent or within the context of treatment.
@https://www.bbc.co.uk/news/articles/c0r9vq5vv4no
@https://pmc.ncbi.nlm.nih.gov/articles/PMC10706040
@https://www.nber.org/system/files/working_papers/w26928/w26928.pdf
@https://www.sciencedirect.com/science/article/pii/S0305750X23003194
@https://www.researchgate.net/publication/393254421_IMPACT_OF_FOREIGN_HEALTH_AID_ON_ECONOMIC_GROWTH_OF_SUB-_SAHARAN_AFRICAN_COUNTRIES_EXAMINING_THE_EFFECT_OF_CORRUPTION
@https://academic.oup.com/isp/article/25/1/60/7227553
@https://pmc.ncbi.nlm.nih.gov/articles/PMC7123888
@https://www.worldscientific.com/doi/pdf/10.1142/9789811239700_0014?
download=true&srsltid=AfmBOorchz6sxSxw9WXVQf5LLxJWj_47Ba62ZDSrf-uyGgD56zoDqhPc
@https://www.scirp.org/journal/paperinformation?paperid=87200
@https://www.centerforhealthydevelopment.org/uploads/4/2/0/2/42028609/taking_stock_of_development_assistance_for_health_in_the_21st_century_04152025.pdf
@
Keine Kommentare:
Kommentar veröffentlichen