A few weeks ago (on 14th October 2021, to be precise), in yet another classic episode, the Government of Kenya was badly humiliated by the high court. The Huduma Namba was declared illegal for conflicting with the Data Protection Act. Kenyans, starting with me, were (and continue to be) very excited about this. We just can’t wait for more of these entertaining shows. And telling from the Attorney General’s reaction after the ruling, we are going to be treated with more of such thrills. On 27th October, the man representing the government on matters of law decided to continue the vain attempt of pushing the project (Huduma Namba) down Kenyans’ throats. He declared that the government is going to appeal the ruling. Huh! for the millionth time. Well, shamelessness is dangerous, more so because it brings with it pride, chest-thumping, and ‘I-will-do-what-I-want’ attitude. This describes the Kenyan government. Even when Kenyans would rather entrust the devil with their data than their government, the latter has decided to ignore this fact and continued coercing the citizens to willingly ‘submit/produce their documents or else…’ We had actually thought that the government would read the writing on the wall in January 2020 when the High Court first declared the initiative illegal. But it didn’t.
A Brief Reminder
In case the details of this project have already gone off your memory (perhaps due to the many Covid-19 restrictions and daily hustles), let me do you a favor of a reminder, a brief one. The Huduma Namba was an exercise conducted by the Government of Kenya through the National Integrated Identity Management system (NIIMS) and involved collecting bio-metric data (and every other data) of every Kenyan after which the system was to generates a unique number (Huduma Namba) which will enable one to access all government services. The project was initiated and carried out by the government in the better part of the year 2019. The exercise that was to end with every Kenyan – regardless of age, gender, and occupation – getting a card with a unique number, so said the government, would go a long way in service delivery to the citizens. The mandatory documents required to register for a Kenyan citizen above 18 years of age was an original national ID card and those below 18 years an original birth certificate. Foreign residents were required to bring their passports or alien cards. Those who didn’t have these documents were supposed to present themselves to the NIIMS registration officers. Other information that was required included:
- Place of birth
- Disability registration number
- National Hospital Insurance Fund (NHIF) number
- National Social Security Number (NSSF)
- Passport number and expiry date
- Birth Certificate Entry number
- Driver’s license number
- Kenya Revenue Authority (KRA) Personal Identification Number (PIN)
- Marital status and spouse name and ID/Passport number
- Parent or Guardian name and ID/Passport number
- Permanent and Current address
- Contact details
- National Education Management Information System (NEMIS) number
Now, in case you thought the government was joking about this and you dismissed the initiative as an idle men’s play (as I did), the Huduma card was to serve as the official government-issued document for identification and conduct of transactions. Without this card, you were not to be allowed to marry, vote, pay taxes, own or sell land or a car or transact anything within the Kenyan territory. Alas! Still, in case marriage was not in your mind, you didn’t plan to own/sell any property, and you abhor the whole thing of voting and paying of taxes and you thought that those were enough reasons to snub the Huduma namba registration, get this straight; one could face imprisonment of up to 5 years for failing to register for Huduma Namba/ card within the government stipulated time.
Then,
Several smart Kenyans sniffed a dead rat in this whole thing and sought the intervention of the courts. I had seen it the very moment the Cabinet Secretary held a press briefing to ramble about the initiative. There was something fishy with the way he arrogantly “pleaded” with Kenyans to come out and register for this evolutionary magic number/card. For you see, according to the same government, the main aim was the introduction of a centralized population register that could facilitate sharing of data across a wide range of functional government and/or private databases and users for a wide range of services and transactions. This was clearly different from the prevailing situation where data is stored in separate databases, i.e. every government/private entity maintains its database.
Again, this whole huduma Bill, as it was called, had no single clause addressing data protection measures. Now, even the most unschooled person could sense a risk to privacy in this arrangement. Anyone can tell you that centralization of personal data poses a lot of threats, including inviting cyber-criminals and hackers to attempt to access valuable datasets on citizens. For you see, centralized databases such as the one the Kenyan Government was trying to come up with hoard so much data that the cost-benefit ratio definitely tilts in favor of attackers.
A case in point
Take for example a similar project in India (the first Aadhaar system) where the collected data was corrupted, sometimes returning different profiles of people on one number and also led to leakages when disgruntled state officers sold off the data to brokers.
The High Court’s Timely Intervention
On the 30th of January 2020, the high court, in a 500-page judgment, halted the implementation of Huduma Namba highlighting the following:
- The court has found the legal framework on data privacy “inadequate and totally wanting” as a result of a rushed process. The court notes that the law is unclear and ambiguous because it lacks an operational framework for NIIMS. Information collected under NIIMS falls under the category of sensitive personal data, which would pose serious risk in case of loss or unauthorized access.
- The court has found NIIMS to have a high risk of excluding an entire segment of the Kenyan population. Catastrophic exclusion from the system and services could affect people lacking documentation, people facing hurdles with biometrics, and many others.
- The court declares that the amendments allowing collection of DNA and GPS are unconstitutional and should be struck off due to their intrusive and unnecessary nature.
That’s where we left things. Then, a month or so later, one Saturday, during a state function, out of the blue sky the president resurrected the subject of huduma Namba project and the plan of his government to embark on it. He then called upon us to cooperate. Well, the government swore to appeal for the initial court ruling declaring the initiative illegal. It did appeal, but lost again, then appealed again, and lost, in the most recent incident. Well, Mr. President, if you, or any of your advisers, by any good chance find yourself reading this article, please note this; Kenyans are still standing at the very point the court halted implementation of the huduma namba initiative, and are not ready to move further on this until you release a comprehensive and convincing report on how you are going to protect our sensitive information, and assure us that your corrupt state officers will not play silly games with it. With that, sir, I remain patriotically Kenyan.
4 thoughts on “Huduma Namba: The Data Privacy questions still lingering in Kenyans’ Minds”
What’s up to every single one, it’s truly a nice for me to
go to see this website, it contains precious Information.
A bad excuse is better than none.
With lies you may go ahead in the world but you can never go back.
I have been absent for some time, but now I remember why I used to love this site. Thanks, I will try and check back more frequently. How frequently you update your website?