Nearly half of African countries lack proper safeguards for biometric data collection

New research by ICT think tank CIPESA has exposed how many African governments collect, store and manage biometric data of their citizens, allegedly without appropriate mechanisms to ensure data protection and privacy. What constitutes appropriate safeguards is prescribed by the Declaration of Principles of Freedom of Expression and Access to Information in Africa of the African Commission on Human and People’s Rights (ACHPR).

The report is titled ‘Privacy imperiled: Analysis of surveillance, encryption, and data localization laws in Africa,’ and the study was carried out in 23 African countries. They include Algeria, Angola, Benin, Burkina Faso, Burundi, Cape Verde, Central African Republic, Congo Brazzaville, Democratic Republic of Congo, Gabon, Guinea Conakry, Cote d’Ivoire, Lesotho, Liberia, Madagascar, Mauritius, Morocco, Niger, Sao Tome and Principe, Sierra Leone, South Sudan, Sudan, and Togo.

The study as summarized by tech publication ICTworks indicates that despite the massive collection of biometric data by governments for purposes such as SIM card registration, national ID card, passport or driver’s license issuance, many of the countries do not meet data privacy safeguards provided for under international human rights law.

Many of the countries, per the report, fail to meet requirements of Principle 40 of the ACHPR Declaration which guarantees people’s rights to privacy and protection of their personal information, and also Principle 42 of the same Declaration which urges states to put in place appropriate legislative regimes that protect personal information in line with prescriptions of international human rights law, notes ICTworks.

The research also finds that some countries have data protection laws which are flawed, inadequate or not fully implemented, and in many cases, with little or no strong oversight mechanisms to ensure regulatory compliance.

Another concern noticed by the researchers is the ease with which third parties such as security agencies can have access to biometrics and other data under the guise of enforcing law and order. They cite Algeria as an example of a country where the law on protection of personal data allows for the processing of sensitive personal information for the public good.

The report acknowledges that mass data collection is a threat to data privacy and African governments must thus put in place laws that have the capacity to effectively protect people’s biometric data collected for official use.

Article Topics

Africa  |  biometric data  |  biometrics  |  data protection  |  legislation  |  privacy  |  surveillance