On February 18 2019, the government of Kenya publicly announced the rolling out of Huduma number, a single number that is linked to a resident’s personal identifiers including biometric and demographic data in digital form.
Huduma number was made law through the Statute Law (Miscellaneous Amendments) Act No. 18 of 2018 which introduced various critical amendments to the Registration of Persons Act, Cap 107.
This Miscellaneous Amendments Bill came into force on January 18, 2019, a mere 19 days after the President gave his assent with no public consultation.
Commenting on the development, the Paradigm Initiative’s Google Policy Fellow, East Africa stated, Rebecca Ryakitimbo, ”the Act introduced a National Integrated Management system to maintain a national population register for all persons within Kenya including registered foreigners and merge several public registers including immigration register that has passport details”.
Paradigm Initiative is also in court in Nigeria over a similar issue as related to the National Identification Number (NIN) registration conducted by the National Identity Management Commission (NIMC).
But, according to the Government of Kenya, the number would ease identification processes and public service delivery.
“However despite the positive image painted by the government, human rights defenders and residents have urged that the Huduma number violates the right to privacy, equality, the right to non-discrimination in the bill of rights and the right to public participation”, the PI’s statement reads.
“On February 14 2018 Nubian Rights Forum (NRF) filed a case in the High Court of Kenya Constitutional and Human Rights Division against its rollout. Other institutions like Kenya Human Rights Commission and the Kenya National Commission on Human Rights filed similar cases on February 18 2019.
“This cases stalled the roll out. However in April the High Court allowed the government to launch the Huduma registration but with several conditions pending hearing and determination of suit against the programme. ‘Gbenga Sesan, the Executive Director, Paradigm Initiative, noted, ”Among the conditions the court issued on the government included been barred from forcing Kenyans to register, using the data to withhold any services and sharing the collected information with international bodies. The State was also prohibited from including DNA in the biometrics”.
In effect to this the parliament of Kenya has drafted the Huduma Namba Bill 2019 to address some of the concerns raised over its roll out and has issued a public notice for comments on the said bill.
Ideally Huduma namba shouldn’t have been rolled out until the enactment of sufficient legal mechanisms such as the data protection law and the proposed “huduma namba bill”.
Rebecca Ryakitimbo added, ”The Huduma namba bill makes Huduma namba mandatory in payment of taxes at the Kenya Revenue Authority (KRA), opening of bank accounts and undertaking land transfers among others. As a result residents may be denied their constitutional rights simply because they do not have one. The same applies for sanctions and fines that follow non-compliance taking away citizens control over their data”.
The Director of Programmes, Paradigm Initiative, Tope Ogundipe, noted, ”The penalties under the bill are unrealistic and unreasonable. Some provisions such as registration of passports do not allow for due process, and residents cannot appeal if denied passports according to the bill. Provisions of the bill should not deny residents access to services by making huduma namba a de facto requirement to access public services, including health services”. As the Parliament of Kenya deliberates on the bill it should look at the bill’s implication to the right to privacy and ensure it encompasses data protection principles and provide for principles of fairness and transparency, data minimization and accountability. Understanding the nature and sensitivity of this kind of “data bank”, it is necessary that sufficient mechanisms are in place to ensure that the system is not vulnerable to breaches and that risk mitigation plans are in place.