“The Cart Before the Horse” – A Kenyan Court Just Quashed a USD 95M Biometric Digital ID Project
Published: 18/Oct/2021
Source: Temple University Law School (Philadelphia)
By Laura Bingham
The case is a watershed moment in the regulation of data-driven public sector initiatives
The Context: A Global Biometric Identification Industry
Digital technologies dominate decisions about the future of public infrastructures like civil registration and electoral systems, social assistance, and banking. The prospect of digital transformation in these sectors stokes optimism in emerging economies and receives ample support from influential international development and foreign aid institutions like the Inter-American Development Bank, the European Union, and the World Bank.
In the case of digital identification systems (digital ID), the 2030 Sustainable Development Goals, specifically Target 16.9 which obliges governments to “provide legal identity for all,” unleashed a tidal wave of global investment (from wealthy economies). Those investments are tied to the untested assumption that there is a rough equivalence between a digital ID, and legal identity, which is anchored in the human right to recognition as a person before the law. The actual integration of human rights and development languishes far behind the implementation of these technologies, but further investment in understanding and mitigating the human rights implications of this massive digital ID industry couldn’t be more urgent.
Most digital ID systems utilize biometric identifiers like fingerprints or facial images as a means of matching records (an anti-fraud mechanism that is far from foolproof). In most cases, new e-ID technologies are also layered on top of existing identification systems of all shapes and sizes, without meaningful public engagement or regulatory reform. All over the world, as systems roll-out in rapid succession, a growing body of evidence suggest that the people already struggling with structural disadvantage under these regimes end up suffering compound harm in a digital transformation. In many countries, the systems are rolled out without a data protection law or in the absence of an implementing framework (see Uganda, India, Jamaica, and Brazil, for example).