× Business BUSINESS MOTORING SHIPPING & LOGISTICS DR PESA FINANCIAL STANDARD Digital News Videos Health & Science Lifestyle Opinion Education Columnists Moi Cabinets Arts & Culture Fact Check Podcasts E-Paper Lifestyle & Entertainment Nairobian Entertainment Eve Woman Travelog TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified Jobs Games Crosswords Sudoku The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS

NIIMs is a noble idea, but protect our data

By Demas Kiprono | Feb 7th 2020 | 3 min read
By Demas Kiprono | February 7th 2020

Last week, the High Court delivered a decision on the constitutionality of the National Integrated Identity Management System (NIIMS), popularly known as Huduma Namba. The court found that some of its provisions such as the collection of DNA and GPS were overly invasive and unnecessary for national registration purposes hence, unconstitutional. The court, however, found that the collection of other biometric information such as facial data, iris and fingerprints was sufficient for purposes of national registration.

The court allowed the government to continue the roll-out of Huduma Namba on condition that it sets up an appropriate and comprehensive regulatory framework on data protection. It added that the framework must meet international standards on data protection which include publishing of appropriate rules and regulations, the appointment of an independent Data Protection Commissioner and formation of a secretariat.

The major reason NIIMS survived the legal challenge was because in November 2019, the National Assembly passed a Data Protection Law. When the case was lodged and the first rollout was done, Kenya did not have a legal framework for the protection of personal data. Kenya joins India and Jamaica, countries where legal challenges have been filed against a biometric registration system on account of the right to privacy. In Jamaica, the Supreme Court found the system unconstitutional because it violated the right to privacy.

Affect rights

In India, the Supreme Court upheld the ‘Aadhaar’ system on condition that India comes up with a strong data protection framework. As per the Huduma Bill, enrolment would be required in order to access over 17 services that affect rights such as education, a passport, healthcare et cetera.

Moreover, failure to register would attract a prison term and hefty fines running into the millions of shillings. Increasingly, our lives are ending up on digital platforms: From movements being tracked by GPS systems and CCTV cameras, shopping habits through tracking digital payments, communications and internet searches, who we speak to via phone records to our very identity in terms of biometric data which once breached, cannot be changed or reclaimed.

Integrated databases are easy targets for hackers. Other governments such as the USA and UK have abandoned plans like NIIMS because of the potential danger centralised biometric data poses to its citizens. The danger simply outweighs the benefits of the convenience of the systems.

A less risky model is the utilisation of ‘data silos’ which involve the use of separate systems for different purposes that are not integrated with others. An example is where the KRA data, passport data and national identity registration data are all kept in separate databases.

Automate services

If one body requires data from another, a physical process might be required as opposed to the click of a button. A breach of such systems would therefore only compromise the data therein - whereas breaches in integrated systems such as NIIMS jeopardises all the data that is within or connected.


As we move further into the digital age, more of our data as a matter of necessity will be collected, collated and processed in digital form as governments, corporate bodies, scientists, researchers and other fields endeavour to utilise digital data to automate services and to improve systems, services, policies and programmes. The downside is that many countries lack the technical, policy and regulatory frameworks that allow for the use of data in a manner conscious to rights issues. Worse still, citizens simply do not know their digital rights or simply do not care.

Sadly, 66 per cent of Kenyans today do not know or care about digital security as per the 2019 Global Survey on Internet Security. This means that Kenyans, due to ignorance and apathy, are incapable of holding their government and businesses that operate in Kenya to account.

Instead, meaningful consultations should be held to explore open and transparent approaches that ensure that data is used and processed within agreeable legal and policy frameworks that respect the privacy and dignity of the citizenry.

Mr Kiprono is a Constitutional and Human Rights Lawyer. [email protected]

Share this story
Title deeds issued in Mwea settlement scheme cancelled
The Judge ordered a fresh subdivision of the 44,000-acre land and allocation of new title deeds under the supervision of Embu County Commissioner
China rejected Kenya's request for Sh32.8b debt moratorium
China is Kenya’s largest bilateral lender with an outstanding debt of Sh692 billion.