)
)
The National Treasury has defended its proposal to delete a key clause in the Tax Procedures Act that currently shields customer financial data from being accessed by the Kenya Revenue Authority (KRA), sparking fresh debate on data privacy and tax enforcement.
Speaking during a recent public engagement in Kibra, Treasury Cabinet Secretary John Mbadi responded to concerns from citizens regarding the proposed repeal of Section 59A(1B) of the Act.
The clause, which was introduced in December 2024, restricts the KRA from requiring businesses to share customer financial data, including trade secrets and private or personal information.
Treasury Cabinet Secretary John Mbadi
)
)
)
In its 2025 Finance Bill, the Treasury is seeking to delete this section, a move that would allow the taxman access to financial records such as bank statements and mobile money transactions.
The objective, according to the government, is to enhance compliance and accuracy in tax assessments.
CS Mbadi described the inclusion of the privacy clause in the 2024 amendment as a legislative error introduced by Parliament.
“Initially, the law was clear. KRA could get your financial information and assess whether you were paying the correct tax,” he said.
“But the National Assembly sneaked in a proposal that restricted this access, citing personal data and trade secrets.”
He emphasised that the KRA's interest lies strictly in financial transactions and not personal or confidential data unrelated to taxation.
“The Data Protection Act is still in place. No one is coming for your personal information,” Mbadi assured the audience.
“Where KRA sources this data, banks and financial institutions, there are no personal secrets.”
The CS further argued that enabling KRA to access financial data is essential in verifying the accuracy of self-assessed tax returns.
“Every year, we file self-assessments. The only way KRA can confirm whether these assessments are truthful is by reviewing financial data,” he said.
However, critics have raised concerns over the implications of the proposed change.
KRA headquarters at Times Tower, Nairobi
Civil society groups and digital rights advocates argue that repealing Section 59A(1B) could pave the way for overreach and possible violations of constitutional privacy protections, despite existing safeguards under the Data Protection Act.
Businesses, especially those handling sensitive customer data, also fear that being compelled to share such information with KRA could erode client trust and expose them to legal and reputational risks.
As Kenya increasingly digitises its economy, the government faces mounting pressure to expand its tax base and reduce reliance on external borrowing.
The 2025 Finance Bill is currently under public review, and the proposal to amend Section 59A is expected to feature prominently during debates in Parliament.
If passed, the amendment would mark a significant shift in how the KRA obtains data for enforcement and compliance purposes.