Source: Ikigai Law (New Delhi)
Digital identity programs in jurisdictions with weak privacy regulations face the risk of commodification, breach and misuse. This risk is exacerbated when governments link digital identity with citizenship, voting rights, public services, and employment. This piece discusses Kenya’s digital identity program, Huduma Namba.
Kenya’s Huduma Namba, meaning service number in Swahili, is a biometric digital identity program. It is intended to be the ‘single source of truth’ about a person’s identity. Kenya established the National Integrated Identity Management System (“NIIMS”) in 2019 through a miscellaneous act amending the Registration of Persons Act, 1949. The NIIMS is intended to administer the collection and storage of personal data for the Huduma Namba program. This amendment faced criticism for being inadequate and obfuscatory. Kenya then released a draft of the Huduma Bill, 2019 (“Huduma Bill”). The Huduma Bill is a standalone statute intended to provide firm legal backing to the NIIMS and govern its functioning. The draft of the Huduma Bill has been released for public consultation. Kenya has already collected extensive information about its citizens and residents, including biometric information such as fingerprints, hand geometry, retina and iris patterns, voice waves, as well as DNA and GPS data.
In early 2019, the Kenya Human Rights Commission, Kenya National Commission on Human Rights and the Nubian Rights Forum filed petitions before the High Court of Kenya challenging the establishment of the NIIMS and the collection of data for the Huduma Namba. Their concerns were: limited public consultation, collection of sensitive personal data in a centralised database without adequate data protection safeguards, compulsory registration, interlinking digital identity with welfare services, and the potential for exclusion of marginalised groups. On April 1, 2019, the High Court delivered a significant interim ruling (“Interim Judgement”). The Court found that there was no specific data protection legislation for the protection of personal data collected by the government. Therefore, while the Kenyan Government was permitted to proceed with the Huduma Namba program, it was specifically prohibited from:
- Making participation in the program mandatory;
- Setting any deadlines for registration;
- Making the Huduma Namba mandatory for government welfare programs or public services; and
- Sharing the personal data collected with any third party.
In contrast with the decoupling of the Huduma Namba from the delivery of welfare services in the Interim Judgement, the Indian Supreme Court in Justice Puttaswamy (Retd.) and Anr. v Union of India and Ors. upheld Section 7 of the Aadhaar Act which made the number a necessary pre-requisite for subsidies, welfare programs and public services.