Tunisia’s biometric ID project back on the table but advocates want data protection guarantees
After failed attempts in 2015 and 2020, the Tunisian government has resumed the idea of introducing biometrics-based identification documents such as national IDs, residence cards and passports.
A bill in this respect has been tabled in Parliament for scrutiny, but rights advocates and civil society organizations have raised concerns about the risk of data breaches, saying the existing data protection legislation in the country is not enough, The National reports.
The bill, which was tabled in Parliament by the Minister of Interior last week, also contains other proposals including the reduction of the legal age for an ID card from 18 to 15, and possibly 12, upon parental consent; and the non-mention of a person’s profession and the name of their spouse on the card.
Recently, members of the rights and freedoms committee of the Tunisian Parliament held a debate on the bill during which they sought assurances from Interior Minister, Kamel Feki, about a stronger legislative framework for personal data protection.
While members of the committee are okay with the introduction of biometric-based identification documents because they’ll help in the fight against identity theft and fraud, they believe it is important to “provide safeguards to protect Tunisians’ personal data from misuse and any potential hacking.”
Vice President of the committee, Mohamed Ali, is quoted as underlining the importance of having a secure system to avoid infiltration like has been the case in the past where the country’s system was breached with several important ID credentials falsified.
A policy analyst at digital rights campaign group, Access Now, Cherif El Kadhi tells The National that if sufficient guarantees are not in place, a centralized database of a biometric ID system could either be used by the state as a surveillance tool, or the data could be compromised and sold to cyber criminals.
The biometric ID project will be implemented by the National Personal Data Protection Instance – a data protection agency created in 2004 – but which critics say lacks the statutory powers to enforce solid data privacy and security measures.
Data protection is a key consideration for digital ID projects around the world. In Kenya, a planned rollout of a new digital ID was halted by a court last year because there was no clarity on a data protection impact assessment plan (DPIA).
Tunisia, a foundation member of the Smart Africa Trust Alliance (SATA), is one of six countries which, last year, signed a declaration on data and digital ID interoperability to advance their digital and economic integration and prosperity objectives. SATA is a collaborative initiative aimed at fostering trust and promoting secure and responsible digital transformation in Africa.