HUDUMA NAMBA JUDGEMENT SUMMARY
By Grace Mutung’u and Jaaziyah Satar
Kenya introduced digital ID vide an amendment to the Registration of Persons Act in December 2018. The amendment introduced the National Integrated Identity Management System (NIIMS) that centralises all government identity systems, popularly known as Huduma Namba (Swahili for service number). CIPIT has discussed the Huduma Namba in previous blog posts. In January 2019, three petitions opposing NIIMS were lodged. Interim orders that partially permitted the NIIMS project were issued in April. The petitions were heard in September of 2019. Judgement was delivered on the 30th of January 2020.
Grounds for the petition
The petitions were grounded on several constitutional issues among them: that NIIMS perpetuated discrimination against groups like Nubians (the first petititoner) who undergo different administrative processes when seeking national identity documents. As the process involves security vetting, groups such Nubians would therefore be profiled during the vetting. Another ground was the procedure used to enact the Bill as it did not go through the Senate. Petitioners also argued that the Bill was unconstitutional as the omnibus style (collation of several bills into one) prevented the public from adequately engaging with the Bill.Finally, petitioners also protested that the amendment was a violation of the right to privacy, due to the intrusive nature of data that was to be collected.
Summary of issues
The court determined that there were three main issues for determination: the legislative procedure, the right to privacy and right to equality and non-discrimination.
a. Whether there was Public Participation
The petitioners argued that the public was generally unaware of the Bill and the time provided for public participation was very limited, the notice in the newspaper having only provided for 7 days. The respondents countered that there had been a sufficient amount of time provided to the public to provide their feedback on the amendments made to the Bill from the time it was gazetted.
The court found that the time for public participation should have been considered during the entire legislative process – from the point of publication of the Bill.
b. Whether use of an omnibus Bill was unconstitutional
The petitioners argued that the substantive amendments were done using miscellaneous Bill containing 67 other statues. Being a substantive issue, the amendment to the Registration of Persons Act should therefore have been done in a separate Bill to give the Bill the sufficient attention it deserved. They further argued that omnibus Bills should be used for minor, non-controversial issues and an issue affecting fundamental rights was too fundamental for an omnibus Bill.
The respondents’ response was that there is no constitutional procedure for amendment of statutes. In any case, the long title of the Bill indicated that it was a miscellaneous Bill amending many statues. In practice, each Bill in the omnibus had been treated separately. The respondents also invoked separation of powers, urging that the Judiciary could not dictate to Parliament on its internal mechanisms.
The Court held that since there was sufficient public participation and it was handled by various committees, and found that the use of the omnibus Bill was not unconstitutional.
c. Whether the omnibus bill should have been taken to the Senate
The petitioners argued that NIIMS affects counties as it is a means of service delivery which is tied to devolution. Respondents were of the view that the Bill did not affect counties as it did not affect powers of county governments.
The Court held that the pursuant to Section 11 of the Fourth Schedule of the Constitution, registration of persons is a function of national government. The Bill need not have gone to the Senate.
Noting that the Petitioners did not plead that the Bill had not been subjected to a process of determining whether it affected counties, the court ignored the issue.
2. Right to privacy concerns
a. Whether the personal information collected pursuant to the amendments to the Registration of Persons Act is intrusive, excessive and disproportionate to the stated objectives of NIIMS
The petitioners made several arguments: that the collection of biometrics under NIIMS is purpose free; the data collected was overly detailed without corresponding information on purposes for the data; collection of DNA and DNS is overly invasive: the detailed data being collected to go to the core of what makes us human hence NIIMS was dehumanising.
The respondents argued that the right to privacy is not an absolute right. The DNA was not captured and it would be used for countering terrorism threats. They also argued that GPS data had not been collected and that NIIMS was acting in the state’s best interest by collecting data that was already in existence (in the state’s database).
The Court held that biometric data, especially DNA, must be protected against unauthorised access. There should be a sufficient data protection/security measure in place designed to prevent unauthorized data breaches.
Information such as GPS coordinates need to be collected pursuant to the impugned amendments to the Registration of Persons Act is necessary and is therefore not unconstitutional.
b) Whether the rights of children to privacy are violated or threatened with violation by the impugned amendments;
In relation to children’s right to privacy the petitioner’s argued that Section 2 of the Registration of Persons Act applies to adults and the amendments do not include children. Nevertheless, they presented principles that should have been considered in the form of regulations for safeguarding children’s data. This included issues such as taking note of the evolving capacity of children as well as managing their transition from childhood to adulthood.
The respondent’s argued that the government needed to register children’s birth registration did not capture every child and that registration of children helps reduce child trafficking. They further argued that NIIMS had the best interest for the child in mind and that collection of DNA established a child’s paternity.
The court applied rules of statutory interpretation and concluded that section 2 and 9A were contradictory. As section 9A was the later amendment, the court inferred that it was intended to collect children’s data. Although the Court found that advanced registration of children seems reasonable, it also found that NIIMS was inadequate for the protection of children.
c) Whether there are Sufficient Legal Safeguards and Data Protection Frameworks
The petitioners argued that the data protection laws were insufficient. Notably, the Data Protection Act was enacted after the hearing of the suit and before judgement.
The respondent’s cited the Official Secrets Act, Cybercrimes Act and Data Protection Bill (at the time) as sufficient safeguards on data protection.
The Court took judicial notice of the Data Protection Act. On analysis, it found that the Act does not list the Registration of Persons Act as one of the Acts for consequential amendments. Also, the Act had not been operationalised. There were therefore no legal limitations on access between NIIMS and other functional databases. The court therefore called for principles for data security should be in the form of regulations.
(d) Whether the Impugned Amendments are an Unnecessary, Unreasonable and Unjustifiable Limitation
Specifically on DNA, the court found that it was potentially harmful not just to the data subject but also to their relations. It therefore found that DNA required particular and specific legal protection. It also made similar findings for GPS data.
3. Equality and non-discrimination.
- Whether there was a Violation of the Right to Equality and Non-Discrimination
On the issue concerning discrimination against the Nubians the petitioners held that the Nubians had already faced barriers in accessing identity documents. The Nubians had to go through security vetting at a higher risk of being profiled under NIIMS.
The respondents argued that there was no justiciable controversy before the court. As everyone was free to register for Huduma Namba, there is no discrimination. They also argued that the Nubian complaints are based on other laws on Citizenship, Immigration Act, Birth and Death Registration Act. The vetting is not discriminatory and it has a legal basis.
The Court found that there is no requirement for vetting under NIIMS. There was no evidence of discrimination need for legislation to address risk of exclusion not just for the Nubians but also those without proper biometrics.
- Exclusion of the Nubian Community
On exclusion from government services the petitioners argued that the Nubians will be excluded from government services due to lack of documents required to enrol on NIIMS. The respondents argued that NIIMS is ongoing, everybody will have an opportunity to enrol. The Court stated that there should be a clear legal framework for digital ID.
From the foregoing, the court made four orders, reproduced below:
I. A declaration that the collection of DNA and GPS co-ordinates for purposes of identification is intrusive and unnecessary, and to the extent that it is not authorised and specifically anchored in empowering legislation, it is unconstitutional and a violation of Article 31 of the Constitution.
II. Consequently, in so far as section 5(1)(g) and 5(1)(ha) of the Registration of Persons Act requires the collection of GPS coordinates and DNA, the said subsections are in conflict with Article 31 of the Constitution and are to that extent unconstitutional, null and void.
III. The Respondents are at liberty to proceed with the implementation of the National Integrated Identity Management System (NIIMS) and to process and utilize the data collected in NIIMS, only on condition that an appropriate and comprehensive regulatory framework on the implementation of NIIMS that is compliant with the applicable constitutional requirements identified in this judgment is first enacted.
IV. Each party shall bear its own costs of the Consolidated Petitions