How new initiative can avoid Huduma Namba’s fate

Tuesday, April 2nd, 2024 11:32 | By
Image used for representation. PHOTO/Techweez
Image used for representation. PHOTO/Techweez

Kenya began its digital transformation journey in 2019, through programs such as the National Digital Identity Program (NDIP).

As part of this initiative, the government implemented the failed Huduma Namba Project, which is now being replaced with the Maisha Namba, currently in the pilot phase.

The program aims to modernize and improve public service delivery. However, the centralized data collection and surveillance technologies pose significant privacy risks that require rigorous review and mitigation strategies.

A significant privacy apprehension associated with the NDIP’s centralized data collection is the potential for data breaches and unauthorized access to personally identifiable information.

Situated within a centralized database, the substantial quantities of biometric and demographic information acquired from citizens, including but not limited to fingerprints, face scans, names, and addresses, render it an enticing prey for malicious actors and hackers.

Identity theft, financial fraud, and other forms of cybercrimes could result from a violation of this database.

The significant gathering of biometric data raises worries about the potential of function creep, which occurs when data obtained for one purpose is repurposed for another without users’ agreement.

While the NDIP may originally be designed for identity verification and service delivery, there is a risk of mission creep, in which the government uses biometric data for surveillance, law enforcement, or other objectives. This might jeopardize privacy rights and weaken faith in the government’s data gathering efforts.

A further privacy concern associated with centralized data collection is the absence of transparency and accountability regarding the processing of citizen data. Without well-established standards and accountability structures, government agencies and third-party contractors involved in digital identity system maintenance run the danger of misusing or exploiting data.

Concerns have also been raised about the lack of safeguards in place to prevent unauthorized access to citizen data, as well as the lack of options for individuals to see, modify, or delete their personal information from the database.

Furthermore, centralized data gathering and surveillance endangers free expression and association because individuals may worry that the government may monitor or spy them based on their digital footprint. This might have a chilling impact on online conversation and action, especially in areas where dissenting voices are targeted or prosecuted.

Moreover, the use of surveillance technology, such as face recognition systems, raises concerns about possible discrimination and profiling of specific groups.

It is critical to enact and adopt stringent data protection rules and regulations governing the collection, storage, and processing of citizen data in order to address these privacy concerns.

The regulations should incorporate principles like consent, purpose limitation, data minimization, and purpose limitation, which guarantee that gathering of data is limited to that which is necessary for legitimate purposes and with the consent of the individual.

It is also imperative to enhance the operations of autonomous monitoring bodies, such as the Office of the Data Protection Commissioner, which was established to supervise government data collection activities and ensure adherence to privacy and human rights standards.

In addition, procedures for accountability and transparency should be established to increase public confidence and trust in government data collection efforts.

Constitutionally, public participation and input are necessary to guarantee that citizens have a say in the formulation of data privacy policies and procedures.

By prioritizing transparency, accountability, and robust data protection measures, Maisha Namba can build trust among citizens and ensure the responsible handling of sensitive personal information.

—The writer is an Advocate of the High Court and an LL.M Candidate -Cybersecurity Data Protection and Privacy

More on Opinion