Parents to register SIM cards bought for minors in new regulations

Mother and daughter using smartphone at home [Courtesy]

Parents and guardians who buy phones for minors under the age of 18 will have to register the SIM cards under the child’s name.

This is according to new guidelines from Communications Authority of Kenya (CA) that introduce new standards targeted at protecting minors using internet and broadcasting services.

“Mobile service providers, in the development of age-verification mechanism, will ensure that all SIM cards that are to be used by children or minors shall be registered in line with the provisions in the Kenya Information and Communications Act, 1998 and the Kenya Information and Communications (Registration of SIM cards) regulations,” the regulations say.

Data from CA indicates there were 64.8 million SIM cards registered in Kenya as at September 2021. This was against an adult population that stood at 26 million in 2019, according to the Kenya National Bureau of Statistics.

The telecoms regulator has in the past attributed Kenya’s SIM card penetration that exceeds 100 per cent to subscribers with multiple cards.

However, with 18.4 million Kenyans below 14 years as at 2019, a large portion of subscribers have registered their children’s SIM cards under their own names. 

CA now wants mobile network operators, broadcasters, internet service providers (ISPs) and content providers to put in place policy and technical interventions that insulate minors from harm. This is likely to introduce new costs of compliance for numerous companies operating in the country’s ICT sector.

According to the guidelines, licensees will now be required to publish and implement a corporate child online protection and safety policy and strategy. This will include a strategy to increase the development of productive and appropriate products and services targeting children. Companies will also be required to document their child online safety policies, including the number of personnel and resources provided for the same. 

Firms dealing with the collection of personal data will also be required to implement higher default privacy settings for collection, processing, storage, sale and publishing of personal data, including location-related information and browsing habits, gathered from under-age users.

“Internet service providers and application service providers shall embed the organisational and technical measures to third party agreements that shall include mechanisms to address action to be taken upon breach of the agreement,” the guidelines say.

The guidelines have been presented for public participation and if approved, will take effect within six months.