Author: Prof. Sylvia Kang’ara
Edited by: Grace Githaiga and Victor Kapiyo
Published by: Kenya ICT Action Network (KICTANet) with support from Huawei.
In 2018, Kenya launched a national digital identification system known as the National Integrated Identity System (NIIMS) and later as the Huduma Namba. It was initiated through Executive Order No. of 20181 and given legal effect through amendments to the Registration of Persons Act2. An Inter-Ministerial Coordination Committee on Huduma Namba was set up to steer the enrollment of the public among other functions. The process of enrollment began in early 2019. Subsequently, a lawsuit was filed challenging the constitutional validity of the legislation effecting NIIMS. After the preliminary hearing, the government was allowed to proceed with implementing NIIMS subject to limitations pending the hearing and final determination of the case. The judgement was delivered in January 2020 allowing Huduma Namba enrollment to continue subject to compliance by the government with the court’s directives.
This brief discusses the policy and legislative framework for Huduma Namba. It highlights the issues that have arisen since its launch and the challenges the government has faced implementing the system, particularly the apparent disconnect between the National ICT Policy of 2019 which outlines the government’s policies on digitization and integration of national population registers, on the one hand, and constitutional protections for privacy, data protection, security and inclusivity, on the other.
The key materials evaluated and analysed in this brief are government policy statements, relevant legislation and the documented evidence adduced in the Nubian Rights Forum Case by government officials, expert witnesses and citizen litigants. The review and analysis of these materials is done in order to identify the gaps in digital identification law in Kenya and to advise on how legal pitfalls may be avoided in future. The analysis also shows how the various pieces of legislation on digitization, registration of persons and data protection work together, the new obligations that arise as a result of new legislation and some of the administrative changes that new legislation will precipitate at the risk of legal liability for non-compliant entities. Given the fact of regional integration and globalization and the importance of digital identification in international governance questions, the brief also also discusses the international laws and policies influencing decision-makers in this area.
The brief makes a number of recommendations, chief among them being the need to take into account and ensure compliance with the directives of the High Court. The Court made it clear that digital identification could not take place in a regulatory vacuum that lacked basic privacy protections for citizens and that also lacked an implementation strategy that installed key duty bears in Huduma Namba implementation. The required legislation will need to be passed, gaps in policy filled and vacant administrative positions filed.