On 31st December 2018, the President assented to the Statute Law (Miscellaneous Amendment) Act No. 18 of 2018, which came into force on 18th January 2019. Section 9A of the Act amended the Registration of Persons Act by establishing a National Integrated Identity Management System (NIIMS). NIIMS is intended to be the single source of personal information of all Kenyan citizens and foreigners residing in the country. The ambitious project, dubbed “Huduma Namba”, loosely translated as “service number”, is the subject of this study.
This study provides the legal and historical context of Kenya’s national identity management system. It also examines the transition to a digital system, through the Huduma Namba project, and its human rights impact and concerns. These concerns include: the adequacy of public participation, adequacy of data protection, exclusion from access to socio-economic rights and discrimination against existing minority groups. In addition, the study highlights three countries with experience of using digital identity systems as case studies. Finally, the study provides key recommendations to stakeholders.
The methodology for this study is guided by the Human Rights Impact Assessment approach as advanced by the International Business Leaders Forum (IBLF) and the International Finance Corporation (IFC), in association with the UN Global Compact. This is a mixed approach where the researchers gathered data on the legal and human rights concerns raised by the Huduma Namba as well as insights from a consultative meeting with stakeholders.
Our findings show that there exist serious data protection concerns regarding the technical design and legal framework for NIIMS. Second, Huduma Namba carries the risk of excluding minorities from accessing government services. These essential services directly impact the right to equality and freedom from discrimination, freedom of association, political rights, freedom of movement and residence, labour relations and the right to property. Third, the government has not specifically addressed the rights of children in relation to the collection and integrity of their data. Fourth, the government is yet to promulgate enforceable and sufficient data protection regulations that would apply to Huduma Namba data.
Despite the identified issues, all is not lost. The study found a variety of best practices on national digital identities from the United States of America, Estonia and India. Additionally, there are international standards on digital identity such as the World Economic Forum Emerging Best Practices, which advocate for digital identity to be fit for purpose, inclusive, useful, secure and offer choice to registrants.
The experience from Estonia regarding blockchain, cryptography and back-up measures in case of a data breach is vital. India’s experience points to challenges such as duplication in registration, data breaches and inflated numbers. Borrowing from the wisdom of the Indian Supreme Court on India’s Aadhaar case, Huduma Namba should not restrict access to essential government services such as education and healthcare.
In conclusion, the study recommends measures that can safeguard compliance with data protection principles and respect for human rights in the use of Huduma Namba in Kenya, as well as key points for multi-stakeholder engagement across Parliament, Executive, the private sector, civil society organisations, citizens, media, the technical community and academia.