Kenyan high court ruling recognizes phone numbers as digital ID

A recent judgement by a high court in Kenya considers a person’s duly registered phone number as a personal digital identifier that must be sufficiency protected from all forms of data breaches and privacy infractions.

According to the ruling, the Kenyan government, through the office of the Attorney General, is called upon to introduce a regulatory framework to protect phone numbers linked to people’s personal data within a period of six months, The Kenya Times reports.

The ruling, delivered recently by the Milimani High Court, was in a case brought to it by a prisoner, Erastus Ngura Odhiambo, against the state of Kenya. The lawsuit was introduced in June 2024.

Per the court decision, telecommunications companies are prohibited from recycling or reassigning dormant phone numbers, except with the consent of those in whose name the numbers were initially registered.

Justice Lawrence Mungambi ruled that reassigning registered phone numbers without consent contravenes Articles 31 (c) and (d) of the Kenyan constitution which guarantees the right to an individual’s privacy.

The ruling calls for adequate safeguards for inactive phone numbers such as those of prisoners like Odhiambo, until they retain their freedom.

Apart from consent that must be verifiable, the ruling directs that a phone number can be reassigned, recycled or deactivated only if a public notice expires after a reasonable wait period, and if sufficient protections have been put in place to ensure that data of the previous individual linked to the phone number is not exposed or transferred in an unauthorized manner to the person to which the number is reassigned.

For many in Kenya, the court verdict is a major step forward for not only for personal data protection but also for digital identity, especially in a country where digital-ID related initiatives have faced major legal challenges as infringing on constitutional rights.

Many times in the past, court rulings have halted biometric enrollment for digital ID initiatives over human rights, privacy and data protection concerns.

Data protection frameworks like the EU’s GDPR consider phone numbers as personal identifiable information, requiring a certain level of safeguards against unpermitted sharing or disclosure.

Article Topics

data protection  |  digital ID  |  digital identity  |  Kenya