Registration of Persons (National Integrated Identity Management System) Regulations, 2020

Executive Summary

ARTICLE 19 Eastern Africa (or ARTICLE 19 EA ) and the Kenya ICT Action Network (or KICTANet ) present this memorandum in response to the call for public participation on the said Registration of Persons (National Integrated Identity Management System) Regulations, 2020 currently being considered by the Cabinet Secretary, Ministry of Interior, and Coordination of National Government.

Key Recommendations

The following is a summary of our key recommendations:

1. The civil registration and identity management framework should be enacted through a stand-alone Act of Parliament. This should be subjected to (bicameral) legislative oversight and effective public participation. Notably, regulations, which generally provide guidelines of practice, cannot be used to regulate and create substantive systems which have implications on the effective and proper functioning of government, and which directly affect individuals’ identity.
a. Recommendation: Enact an ‘appropriate and comprehensive’ civil registration and identity management through an Act of Parliament introducing a Bill to amend the Registration of Persons Act (CAP 107).

2. The Regulations exceed the ambit of the Registration of Persons Act (CAP 107) and should not provide for the registration of infants and minors.

3. The Registration of Persons Act (CAP 107) should be amended to provide for a specific government entity responsible for the NIIMS, other than the Principal Secretary (whose docket is not named in either Act or the Regulations). All the functions relating to the registration of persons should be with the Principal Registrar and staff under section 4 (and Schedule) of the Registration of Persons Act (CAP 107).

4. The regulations should provide explicit ( technical, personnel and procedural ) safeguards to ensure that registration information is accorded the highest safety and security, management and governance protection. This will ensure that trust is maintained in the digital ecosystem, by providing sufficient protection against abuse by authorised persons (public organs and private entities), independent
contractors, amongst others.

5. The regulations should provide explicit ( technical, personnel and procedural ) safeguards for the collection, processing, use, and transfer of NIIMS data relating to the registration of persons in line with the requirements under the Data Protection Act, 2019.

6. In conjunction with civil society and other stakeholders, the Ministry should develop ‘appropriate and comprehensive regulatory frameworks’ which adhere to the High Court’s orders in Consolidated Petitions No. 56, 58 and 59 (2019) and which pay appropriate homage to the Data Protection Act (2019). This will ensure that the Regulations adhere to and respect fundamental rights of freedom of expression (or FOE ), the right to information (or RTI ), the right to privacy in the Constitution of Kenya, 2010 and international law.