1,133 is not just a number

From the left to Right: Yassah Musa (Nubian Rights Forum), Robert Waweru (KHRC), Shaffie Ali Hussein

Reform identification and data systems first before rolling out Huduma Namba, NGOs say

21 October 2021 - 22:10

By Janet Sankale

The government has been asked to reform the country’s identification system and data protection regime to protect the rights of Kenyans and serve their needs.

A consortium of 10 organisations that described themselves as “working on citizenship, identification, human rights, and data protection” said the authorities should implement the changes before moving forward with the rolling out of Huduma Namba.

“If Huduma Namba is rolled out, it must be done in phases, with a clear transition period to eliminate discriminatory treatment and expand access to documentation under the current systems,” they added.

One of the reforms the group suggested was that all Kenyans be facilitated to have access to identification documents such as birth certificates and national identity cards.

“By focusing on reform and access to the identification system first, the government will reduce the risk that millions of Kenyan citizens will be left behind in the transition to digital,” they said in a statement released at a press conference on Monday, October 18, 2021.

The organisations, which supported the court’s ruling that barred the rollout of Huduma Namba due to violations to the Data Protection Act, 2019, also proposed the setting up of a robust legal framework and governance body for the implementation of the programme through countrywide public participation.

“Given the extensive nature of Huduma Namba and the impact it will have on the lives of all Kenyans, there is need for a national discussion about the future of identification in Kenya, including public input into the development of anchoring legislation, the system design, a governing body for NIIMS that can be held accountable for implementation and give effect to rights enshrined in the Constitution and other applicable laws.”

The consortium called for the realisation of Kenyans’ right to privacy and data protection. To do this, they asked the government to ensure that a financially independent and well-resourced data protection authority, “capable of discharging its mandate under the Data Protection Act”, is set up.

They also asked for the swift adoption of the draft Data Protection Regulations (2021).

“The government must realise its responsibility to comply with the Act by guaranteeing threats to human rights are sufficiently mitigated and all necessary data protection safeguards have been implemented,” the organisations said.

They urged the government to obey the court’s order of October 14, 2021 that directed it to carry out a data protection impact assessment, as required by the law, before processing data or rolling out Huduma cards.

Robert Waweru, the programme adviser on citizenship and statelessness at the Kenya Human Rights Commission (KHRC), stated that a data protection impact assessment was critical to ensure compliance with both data protection laws as well as human rights obligations.

“Such assessments should involve mapping of all data processing and data flows, conducting consultation with stakeholders, which for a national initiative like the National Integrated Identity Management System (NIIMS) should include widespread public consultation on the purpose and risks of the system, completing a detailed risk assessment and developing a range of measures to address the risks and ensure compliance with the law,” he said.

The consortium members include Katiba Institute, KHRC, Heralding Development Organisation (Paranet), ARTICLE 19 Eastern Africa, Centre for Minority Rights Development (CEMIRIDE), and Defenders Coalition.

The others are Namati Kenya, Nubian Rights Forum, Access Now, and Haki Centre.

They pointed out that a data protection assessment is designed to identify risks that may occur through the processing of data and put in place mitigation measures.

They urged the government to fully ensure the realisation of the right to privacy and data protection and follow the requirements and international best practices on data protection impact assessments as it completes the exercise.

In January 2019, through the ministries of Interior and Coordination of National Government and Information, Communications and Technology, the government launched the NIIMS, commonly known as Huduma Namba (service number). 

The civil rights groups petitioned the constitutionality of NIIMS based on the use of a miscellaneous amendments bill to pass substantive amendments, lack of public participation in the process, inadequate frameworks to guarantee data privacy and protection, and the risk that the system could further entrench discrimination and exclusion of marginalised groups.

In April 2019, the High Court issued interim orders that put restrictions on the government as it carried out Huduma Namba enrolment. It was restricted from making Huduma Namba registration mandatory, linking Huduma Namba to public services, collecting DNA or GPS, setting any deadline for registration, or sharing the data collected with third parties.

On January 30, 2020, the High Court stopped the implementation of NIIMS, saying it lacked the appropriate regulatory framework. However, the government went ahead to roll out the mass issuance of Huduma Namba cards and announced plans to phase out national identification cards by the end of 2021.

 “In February 2020, the KHRC and the Nubian Rights Forum filed an appeal at the Court of Appeal under certificate of urgency due to the sensitive nature of NIIMS and as a matter of public interest. A year later, the Court of Appeal has yet to give direction on the matter. While other similar cases, such as the BBI appeal, have been expedited within days of filing, the NIIMS appeal is of no less public importance as a matter of public interest, hence suggesting a deliberate and discriminatory approach in prioritising the NIIMS appeal,” a KHRC statement dated June 11, 2021 said.

Katiba Institute went to court last year to challenge the government’s decision to roll out Huduma Namba cards without conducting a data protection impact assessment, as required by Section 31 of the Data Protection Act.

On October 14, 2021, the high court struck down the government’s decision to roll out the cards due to violations to the Data Protection Act 2019.

The court found that the government had started collecting personal data from Kenyans without first determining how it would protect that data, and that the authorities had “not appreciated the import and the extent of the application of the Data Protection Act with respect to the collection and processing of data under the NIIMS”.

It ordered the government to complete a data protection impact assessment, as required by the Data Protection Act (2019), prior to processing data or rolling out Huduma cards.

Share your thoughts

By submitting this form, you accept the Mollom privacy policy.