Regulator accused of inaction as Namibian telco unlawfully collects biometrics
There are concerns in Namibia that the country’s largest mobile communications company, MTC, has been collecting the fingerprint and face biometrics of citizens for the registration of their SIM cards outside the provision of the law, while the regulator looks away.
Namibia launched a voluntary SIM card registration campaign last year which ran from July to December, but the government says a new mandatory drive is happening between January and December 2023. It is now compulsory for any new SIMs sold or activated to be registered first, reports RegTech Africa.
A researcher at the Institute for Public Policy Research (IPPR), Frederico Links, argues in an article that the collection of biometrics for SIM registration is against Part 6 of Chapter 5 of Namibia’s Communications Act of 2009 as well as other directives given to telecommunications operators concerning the process.
The legal framework for SIM registration only covers the registrant’s basic information such as their name, date of birth, address, and copy of identification document, namely an ID card. Yet MTC has been collecting fingerprints and photographing faces.
However, as Links notes, regulatory authorities such as the Communications Regulatory Authority of Namibia (CRAN), which is reminding people to register, has remained apparently silent over the practice. This is not going down well with many Namibians who feel worried especially as there is currently no law in the country governing personal digital data protection and privacy.
Links mentions that during the voluntary SIM registration campaign last year, the IPPR received a plethora of complaints from citizens concerning the biometric data collection matter.
The researcher says MTC Namibia failed to respond to a request for comment on why they were collecting biometric data for SIM registration, a requirement not provided for in the Communications Act of 2009.
Nonetheless, he says the CRAN, on 9 January, responded to a request for comment from him saying “operators are required to only collect customer identification information as stipulated in the regulations and conditions.”
CRAN is also said to have told Links to file a complaint against MTC if that is what was needed to obtain redress.
It is not clear what action CRAN itself is taking against MTC on the issue.
In the meantime, the unlawful collection of biometrics for SIM registration has happened elsewhere in Africa in the past including in Kenya where telco Safaricom obliged registrants to submit their face biometrics to have their SIM cards re-registered.
In December last year, digital rights watchdog Access Now called on the company to delete all the biometric data collected.