Digital rights lobby Access Now has cautioned that mandating bio-metric data collection in Kenya’s SIM card registration process could expose mobile phone users to misuse of their personal data.
The organisation says proposed changes to the Kenya Information and Communication Act, (KICA) to introduce bio-metric registration contradicts the Data Protection Act 2020.
“Regulation 5 (1) of The Kenya Information and Communications (Registration of SIM-Cards) Regulations, 2015 provides for the requirements of SIM registration,” says Access Now in a statement. “It does not require collection of biometric data. This means that the mandatory collection of photographs for SIM card re-registration exercise has no legal basis.”
Biometric registration has also been faulted for compounding the dangers of a personal data breach and making it harder for victims to recover.
Bio-metric data such as facial features and fingerprints cannot be changed in the event of a personal data breach.
Earlier this year, the Communication Authority announced that mobile network operators have until April 15th to deactivate subscribers with incomplete records as per the regulations.
The regulator was later forced to extend the deadline by six months following public outcry and a constitutional petition challenging the directive.
It also emerged that mobile network operators gave subscribers conflicting details with some indicating that users will have to submit their photographs.
Access Now, however, says the initial directive from CA mandating the collection of photographs was an erroneous interpretation of the law.
“There is no logical and legal basis for the collection of biometric data as a prerequisite of SIM card registration,” says the lobby. “The claims telcos are making that facial biometrics will enhance security and prevent the commission of crimes are false.”
Access Now has further called out the Office of the Data Protection Commissioner, (ODPC) for their loud silence on the subject despite the collection of biometric data being classified as sensitive personal data under the laws.
The Ministry of ICT has also been put to task over plans to introduce the collection of bio-metric data into the SIM registration regulations through proposed amendments.
“The Office of the Data Protection Commissioner must immediately take action to investigate the telcos’ breach of privacy and data subject rights, advise the Ministry of ICT against making the collection of biometric data a prerequisite of SIM card registration, and offer remedy to the subscribers whose data have already been unlawfully collected,” says Access Now in its statement.