NAIROBI,Kenya – In an age where digitalization dominates various aspects of life, handling citizens’ personal information has become a topic of immense importance. Like many other countries, Kenya is undergoing rapid digitization, raising questions about the fairness and legality of digitalizing citizens’ personal information.
Digitalizing personal information involves collecting, storing, and processing individuals’ data in electronic format. This data encompasses a wide range of information, including but not limited to identification details, biometrics, financial records, and health information. In Kenya, initiatives such as the Huduma Namba project and digitization of government services have significantly accelerated the digitalization of citizens’ personal information.
Additionally, the alarming rise of cyber warfare and digital censorship poses severe threats to freedom of expression and information dissemination. Governments and private entities must refrain from using technology for surveillance and censorship, respecting individuals’ rights to express their opinions and access information freely without fear of reprisal or restriction.
In November 2023, the Kenyan government initiated a trial programme for the new digital IDs. First-time ID applicants will now be granted the “new Maisha Card,” according to the administration. Applicants needing to replace defaced or lost cards would also receive a new one.
Disagreeing with issuing digital IDs can stem from various concerns, including privacy, security, and potential infringement on civil liberties. Some might disagree with issuing digital IDs because they often involve collecting and storing personal information in electronic databases.
This raises concerns about who has access to this data, how it’s stored, and how it might be used or misused by governments, corporations, or hackers. Secondly, storing personal information digitally can make it vulnerable to cyber-attacks and data breaches. If a digital ID system is compromised, it could lead to identity theft, financial fraud, or other forms of cybercrime. Thirdly, some argue that requiring citizens to have digital IDs infringes on their rights to privacy and freedom of movement.
They may see it as a form of government surveillance or control over individuals’ lives, and finally, implementing a digital ID system could disproportionately affect marginalized communities that may have limited access to technology or face barriers in obtaining official identification documents. This could exacerbate existing inequalities and lead to further exclusion and discrimination.
The right to information is enshrined in various legal instruments globally, including Kenya’s Constitution. It guarantees citizens access to information held by public bodies, subject to certain limitations. While this right primarily pertains to access to government-held information, its principles can be extrapolated to digitalizing citizens’ data.
The fairness of digitalizing citizens’ personal information hinges on several factors, including whether citizens are adequately informed about the data being collected, how it will be used, and who will have access to it.
Transparency is essential to ensure individuals can make informed decisions about their privacy. Is consent obtained from individuals before collecting their personal information? Consent should be freely given, specific, and informed, per data protection laws. Are robust measures in place to safeguard citizens’ data against unauthorized access, misuse, or breaches? Adequate security measures are vital to protect individuals’ privacy and prevent identity theft or fraud. Is the collected data used only for its intended purpose, or is it shared or repurposed without consent? Adhering to the purpose limitation principle ensures that personal information is not misused or exploited. Are there mechanisms to hold entities responsible for misusing or mishandling citizens’ personal information? Accountability mechanisms, such as data protection authorities, are crucial in enforcing compliance with data protection laws.
Case example includes the Kenyan World Coin Case, which reiterates that technology in Kenya is based on the assumption that a foreign company can walk into the country and implement their technology projects maliciously by luring citizens with money to key in their data that is not well acquainted to them or using the correct data protection procedures. This is where the legal fraternity comes in to appreciate citizens’ data protection issues and build jurisprudence through their wise decisions.
In conclusion, while digitalizing citizens’ personal information can enhance efficiency and service delivery, it must be done to uphold fairness and legality. From the perspective of the right to information in the Kenyan context, ensuring transparency, obtaining informed consent, implementing robust security measures, adhering to purpose limitations, and establishing accountability mechanisms are essential.
By prioritizing these principles, Kenya can navigate the complexities of digitalization while safeguarding citizens’ privacy rights and promoting transparency and accountability in handling personal data.
Charles Jaika is a lawyer working at ICJ Kenya. You can reach out to him on: jaikalaw@gmail.com. This article was published on the standard.