New State registry raises fears over data protection

**A section of Huduma Centre in Nairobi on July 16, 2018**.[David Njaaga,Standard]

The move by the Government to set up a central digital database with unique Huduma numbers for every Kenyan has raised concerns about data protection and mass surveillance.

Analysts and lobby groups caution that lack of robust data protection laws and oversight could lead to abuse of citizens’ personal data by political and commercial entities.

The Government is pushing ahead with the project that, in the wake of last week’s terrorism attack at 14 Riverside Drive, has been proposed as one of the solutions to curbing insecurity.

“My administration will complete a central master population database that will be the authentic single source of truth and personal identity in Kenya, and this database will contain information on all Kenyan citizens,” President Uhuru Kenyatta said last week in Mombasa.

All Kenyans will be registered afresh through the National Integrated Identity Management System (NIMS) where they will be issued with a unique Huduma number that will be linked to their personal data.

This will further be cross-referenced with data sets in other State agencies such as the Lands registry, National Social Security Fund, National Hospital Insurance Fund and the Kenya Revenue Authority, among others.

The NIMS database will also contain one's DNA and biometric information, and the GPS location of all Kenyans through an amendment to the Registrations of Persons Act signed by the President early this month.

While the Government says the enhanced NIMS and Huduma number will enhance public service delivery and national security, some organisations have raised concern that the opaque execution of the project is open to abuse.

Public participation

“With some of the information potentially protected by privacy, one would have expected a public participation process on project's initiation and realisation,” said the Consumer Federation of Kenya in a statement.

“While Kenya’s urgent need for a credible national register of its population is not in dispute, a skewed and fraudulent procurement process should be the last to expect on a system meant to apprehend criminals.”

Others have questioned the constitutionality of the collection of Kenyans’ DNA and biometric data.

“The amendment to the Act seems to have ignored Article 31(c) of the Constitution,” said Getrude Matata, an advocate at the Kenya ICT Action Network.

“This being a constitutional issue, there is probably a need to subject it to constitutional interpretation on; what the intention of the article was in providing that such information should not be unnecessarily required or revealed; whether such details being made available to registry clerks is defeating that intent; and whether the circumstances demand the 'unnecessarily' revealed bar to be lifted.”

If the database is fully implemented, Kenya will be the first country in the region to have a digital registry complete with citizens’ DNA and biometric information.

Some countries have adopted the same in a bid to cut state bureaucracy and allow universal access to public services.

However, several developing countries that have implemented national digital registries have also experienced significant flaws in the system that have worsened inequality and oppression.

“Proponents of biometrics-linked national identfication programmes argue that they bring benefits such as more accurate and efficient delivery of government services, anti-poverty regimes and welfare schemes; that they can reduce corruption or increase inclusion; or can help serve national security interests,” says Access Now, a think tank that specialises in digital rights.