Kenya and the United States have signed a new data-sharing agreement aimed at enhancing cooperation in health programmes while safeguarding the privacy and rights of Kenyan citizens.

The agreement signed on Monday, December 8, 2025, outlines how health-related data will be shared under strict legal, ethical, and confidentiality standards.

“The Government of Kenya shall provide data according to the Data Protection Act, 2019, the Digital Health Act, 2023, and other applicable laws and regulations in Kenya. The data that will be provided is for purposes of implementation of the Cooperation Framework,” reads the agreement in part.

 Both governments will jointly define which health data systems, referred to as Covered Data Systems, fall under the agreement, the type of data to be shared, the level of access permitted, and the authorised users. 

Further, the Kenyan government committed to minimising the release of individual-level or personally identifiable information (PII) and to providing only what is necessary to support the framework’s objectives.

“The Government of Kenya shall provide the U.S. Government relevant data derived from health programmes under the Covered Data Systems, and this shall remain in effect for a duration of seven (7) years with effect from the signing of this agreement.”

 Additionally, the Kenyan government will ensure that system functionality is maintained, notify the U.S. of any planned system updates or outages, and provide login credentials where appropriate.

 However, any reduction or cancellation of U.S. funding may result in restricted data access, as outlined in the Cooperation Framework.

The United States

On the U.S. side, the agreement imposes strict rules on how the data can be used. 

The U.S. may only utilise the information for activities and metrics specified in the Cooperation Framework and must handle, archive, store, and dispose of the data according to both Kenyan regulations and U.S. federal records standards.

 Confidentiality measures will mirror Kenya’s data protection laws, and the U.S. is required to protect the integrity of the data, especially where there is any risk of identifiability. In the event of a data breach, the U.S. must inform Kenya promptly and provide a detailed report outlining mitigation efforts.

The agreement also confirms that all data remains the sole property of the Government of Kenya. No intellectual property rights or data ownership will be transferred to the U.S.

 Any publications derived from Kenyan data will require Kenyan co-authors, adequate approvals, and collaborative review. Additionally, any benefits emerging from data insights will require separate agreements to ensure equitable sharing.

Both countries also commit to additional responsibilities to ensure the reliability and integrity of the shared data. Kenya will maintain the security and functionality of the data systems and jointly conduct data audits with the U.S. government or its contractors, using external auditors only with Kenya’s written approval. Any changes to the systems that may affect data provision must be communicated in advance to ensure transparency throughout the partnership.