Last week, the High Court stopped the rollout of Huduma Namba cards due to what it termed violation of the Data Protection Act (DPA), which dictates how our personal information is used by organisations, businesses or the government.
The court found that the government had collected Kenyan citizens and residents’ personal data without making plans on how it would protect the private data as per the law.
In this digital era, many everyday operations such as registering for school, sending or receiving money through mobile transfers such as M-Pesa, purchasing a sim card, opening a bank account, enrolling for government services, obtaining a passport and even applying for a job requires proof of identification.
One’s ability to function within society in a dignified manner is largely pegged on their ability to acquire an accepted form of registration in the country they’re in.
Many countries such as Kenya, India, Nigeria and the Philippines are increasingly turning to modern technology to digitally register citizens and residents using unique biometric personal identifiers such as fingerprints, eye retina or iris scanning or facial pattern and voice recognition.
Ideally, because they provide precise identification, they would fundamentally improve service delivery when it comes to providing healthcare, education, and other social programmes. They make services and processes more efficient and streamlined. Government can efficiently target populations to improve their lives. Wastage can be reduced with the elimination of ghost workers or beneficiaries. The main challenge with Digital ID systems is the aspect of security and the prospect of misuse of the data for nefarious means by the state or other parties. It is noteworthy that any breach of our biometrics cannot be remedied. Unlike passwords or ID numbers being leaked or hacked, when fingerprints are leaked, you can never change your fingerprint.
This is exactly what the DPA and the court-mandated audit of the Huduma Namba were meant to achieve. In hindsight, it may have not been a good decision to spend billions of shillings rolling out a system without carrying out an audit, engaging experts and stakeholders, including the people, and ensuring a proper legal and technical framework existed to protect the data.
Be that as it may, Digital IDs are the future of registration regimes globally, in Africa and indeed Kenya. United Nations and World Bank have set 2030 as the year when every person in the world should have a digital ID. As such, guided by the court pronouncement, the government should regroup and chart a plan to ensure that all stakeholders are on board and every legal and technical aspect is catered for.
The strategy should first of all deal with the plights of marginalised communities such Kenyans of Nubian or Somali origin who due to structural discriminatory registration procedures, were left out of the last Huduma enrollment process because they couldn’t get national ID cards which are required for Huduma.
A move to digital ID must ensure universal access for all individuals, including the marginalised. Until this is achieved, having Huduma should not be the only basis for access to government services. Kenya should establish a robust legal and technical framework that will create a trusted, unique, secure and accurate identity for all citizens and residents, including refugees. This includes governance, policy, and operational and technical strategies that borrow from best practice while taking into account the unique situation of Kenya such as our constitution.
The aim should be to safeguard personal data, maintain cyber security, and safeguard people’s rights through a sound regulatory framework under a well-resourced and independent office of Data Protection Commissioner.