Kenya: Joint memorandum asks for Huduma Bill to fully protect rights

Kenya: Joint memorandum asks for Huduma Bill to fully protect rights - Digital

On 7 January 2022, ARTICLE 19 Eastern Africa together with a coalition of Civil society Organizations submitted a joint memorandum to the National Assembly in Kenya calling on it to ensure the proposed Huduma law promotes the full realization of access to legal identity, the right to privacy and data protection. 

The Huduma Bill 2021 was introduced to Parliament on 15 December 2021 and seeks to provide a law on civil registration and legal identification management and establish the National Integrated Identity Management System (NIIMS), Kenya’s digital identity system. ARTICLE 19 is committed to ensuring every person in Kenya realizes their right to nationality and access to citizenship documents which enables them to freely exercise their right of access to information and freedom of expression. 

However, from our analysis, ARTICLE 19 is concerned that the bill bears provisions that negatively impact on the right to privacy and data protection. To begin with, it allows for government entities to use foundational data under NIIMS for authentication without clarifying which entities will have access to biometric data. ARTICLE 19 has long expressed concern over the impact of biometric technologies on freedom of expression therefore even where government agencies use foundational data under NIIMS for authentication, this should not permit them to gain access to biometric data.

 The bill further provides for the potential of ‘mission creep’ where the NIIMS Database can be used to execute functions not originally approved. This can be seen with the use of NIIMS database to create and maintain the Independent Election and Boundaries Commission (IEBC) voter registration database as well as the potential to allow private entities to use the NIIMS database increasing the risk of commercial exploitation of data and profiling.

In addition,  we are concerned about the possible security breaches, which are higher in the case of centralized databases. There is also the risk of mass state surveillance especially in public spaces which are more likely to affect marginalized communities. 

In addition, ARTICLE 19 is concerned the bill has failed to sufficiently address the risk of exclusion under NIIMS. In 2020 the High Court of Kenya held that there is a segment of the population who run the risk of exclusion due to lack of identity documents or poor biometric data and asked the state to develop a clear regulatory framework that addresses the risk of exclusion. We reiterate that the provisions in this bill are not sufficient to comply with this judgment. 

Therefore, the  consortium calls on parliament to implement the recommendations proposed in our earlier statement which include: 

  1. Public Participation. The government must invest in building user trust and confidence in digital ID, including through meaningful and robust engagement on the anchoring legislation, the system design, and with the governing body for NIIMS.
  2. Ensure a fully inclusive identification system. The Government must ensure all Kenyans can access identification documents such as birth certificates and national identity cards prior to moving forward with Huduma Namba.
  3. Need for a transition period. The law must provide for a multi-year transitional period between the current Registration of Persons Act and the Huduma Act. The transition period will focus on expanding coverage of birth registration and ID card issuance, prior to NIIMS enrollment and allow for taking the public through proper civic education and comprehensive training of all government officials in registration and related agencies that would use NIIMS.
  4. Ensure the full realization of the right to privacy and data protection.  We call for compliance with the principle of necessity and proportionality and increased investment in data security infrastructure. There is a need for the authorities to develop regulations to guide interoperability and data protection under NIIMS. The regulation could address matters like data protection impact assessments, retention periods, and code of practice for use by law enforcement agencies.
  5. Governance and Institutional Framework for NIIMS.  There is a need to establish an agency or commission as a competent, robust, and independent institution responsible for the planning, management, administration and implementation of NIIMS and the Bill. Such an agency would be in line with Sustainable Development Goal 16.6 to develop effective, accountable and transparent institutions.

Read the full list of recommendations in our Joint Submission here: Huduma Bill 2021 – Coalition Submission Jan 2022

For more information please Contact Mugambi Kiai at mugambikiai@article19.org, Regional Director for ARTICLE 19 Eastern Africa