The Communications Authority of Kenya (CA) has explained that it has not authorized telecommunications companies in the country to collect fresh biometric data for the registration of new SIM cards after new rules were gazetted.

In a statement issued on November 18, the telecoms sector regulator said it had taken note of some grumbling by citizens over fears that telcos will ask them to submit biometrics afresh for mobile subscriptions.

This fear is said to have been sparked by a misreading of the revised SIM card regulations, which were released in May, as Capital FM reports.

Before the revised SIM card rules, some telcos in the last few years had required citizens registering or updating their SIM card registration information to provide face biometrics, a move that provoked reprobation. Digital rights organization Access Now challenged the practice at the time and called for the deletion of all biometric data already collected.

“For the avoidance of doubt, the CA has not issued any directives for the collection of biometric data by our licensees,” the regulator’s statement reads.

It reiterates the purpose of the new rules, noting that they were published to protect citizens from SIM card-related fraud and other criminal activities including identity theft, SIM box fraud, and scams; strengthen the integrity of telecommunications services; and support secure access to digital services such as mobile money, digital government and digital trade.

However, it states that the rules themselves only define what constitutes biometric data, but do not require their capture anew from those registering their SIM cards.

What that means is that all those seeking to activate a SIM card only need to fill in their personal ID information on a Form 1, while their biometrics are verified against existing data in the government database.

“The new sim card regulations do not contain any provision for the collection of biometric data. The regulations define biometric data as personal data derived from specific technical processing based on physical, physiological, or behavioural characteristics, including blood typing, DNA analysis, fingerprints, earlobe geometry, retinal scans, and voice recognition,” the CA explained in its clarification note.

“This definition does not mean that all this information will be collected from subscribers during SIM card registration. As a matter of fact, the Authority has not directed our licensees to collect this data.”

Given the sensitive nature of the data involved, the CA said it has given stringent directives to its licensees on how to handle and share subscriber data, and operators are “required to institute clear, fair, and transparent procedures for all dealings with consumers.”

While emphasizing the need to stick to regulatory provisions in the management of biometric data, the authority also reiterated its support for “innovations that uphold privacy and undertakes to roll out privacy-enhancing features consistent with the law in partnership with industry stakeholders.”
