The Draft Registration of Persons (NIIMS) Regulations 2020
- Beatrice Mungai |
- March 19, 2020 |
- Digital Identification,
- Digital Rights,
- Information Technology,
- Tech-Legislation
Following the judgement in the case of Nubian Rights Forum & 2 others v Attorney General & 9 others (Huduma Namba case), the Ministry of Interior and Coordination of National Government released the draft Registration of Persons (NIIMS) regulations. The draft Regulation intends to operationalize Section 9A of the Registration of Persons Act that establishes the National Integrated Information Management System (NIIMS). The court ordered that the government is at liberty to proceed with the implementation of NIIMS but on the condition that an appropriate comprehensive legal framework is first enacted.[1]
This blogpost gives a brief overview of the draft regulations and comments on further issues that the regulations should consider in view of the Huduma Namba Judgement.
Comment on the Draft NIIMS Regulations
I
The first of the draft regulation deals with definition of terms and its scope of application. Whereas the part gives a distinction between huduma card and huduma namba, as well as between functional and foundational data, it fails to define several key terms.
The regulations uses “agency” but fail to specify whether this refers only to public agencies. It is also not clear if the regulations also apply to private agencies carrying out authentication using Huduma Namba. The term “biographic data” also needs to be defined so as to specify what kind of data falls under this category, especially since the processing of data may infringe on privacy. Hence the need t have clarity on the exact data types that may be collected. The regulations should also elaborate on what “multipurpose” means so as to provide a clear limit on the purposes for use of Huduma Namba.
Mechanisms for enrolment of those without primary registration documents or biometrics should have been a stated object of the regulations. In the Huduma Namba judgement, the court found that there may be a segment of the population that runs the risk of exclusion from NIIMS due to lack of identity documents, or lack of or poor biometric data. It was acknowledged that a clear regulatory framework is needed to address the possibility of exclusion in NIIMS.[2] Principles 1 and 2 of the World Bank Principles on Identification for Sustainable Development, call for identification systems that are inclusive. A good identification system should therefore ensure universal coverage for individuals that is free from discrimination and that is also void of barriers to access and usage.[3] It is therefore important that a legal framework seeking to operationalize NIIMS sets out to deal with the risks of exclusion of undocumented citizens and vulnerable groups.
II
This part provides for the structure and components of NIIMS. It is composed of the NIIMS database, the Huduma Namba and Huduma Card. An elaboration of what each of the components is given. The regulations establish Huduma Namba as supreme over every other form of identification. In addition, the NIIMS database is to be relied on as the primary source of foundational data. The regulations propose four types of Huduma cards: Minor’s Huduma card – for minors from the age of six to seventeen, Adult’s Huduma card – for citizens who have attained the age of eighteen, Foreign National’s Huduma card and Refugee’s Huduma card.
On the components of the system, a user should be added as a core component. This is to cater for rights such the right of access, as well as rights of data subject to correct data and to object to processing of data.
There is also a need clarify whether the use of NIIMS and the Huduma Namba will replace the current identification systems and documents such as birth certificates, National IDs and passports. The use of Huduma Namba and NIIMS as the primary sources of information and identification affects not only the mother Act – The Registration of Person Act – but also the Kenya Citizenship and Immigration Act and the Registration of Births and Death Act. Such major changes of systems can only be carried out by an Act that amends all the affected laws, not through regulations.
The reliance of NIIMS as the primary source of foundational data may create a barrier to access of government services. This could result in basic services being denied to anyone that lack a Huduma Namba which is grave for communities that are undocumented.
III
This part of the draft regulations deals with enrolment into the NIIMS database, issuance of the Huduma card and assignment of the Huduma Namba. It also provides for the process of updating particulars, the application of the Data Protection Act and the bases for accessing the NIIMS database.
The major issue with this part is the lack of clarity. On enrolment, one would have expected detailed provisions on: the enrolment procedures, the documents required to apply for the Huduma Namba, the appeal mechanism for applications for enrolment that fail, the fees to be paid when one loses or seeks replace the Huduma card and the procedure to be used to update particulars. As per the Huduma Namba judgement, the legal framework should be comprehensive and compliant with the applicable constitutional requirements. Therefore, any processes or requirements prescribed should be detailed and holistic.
Any processes under the regulations should offer a clear outline of the application process, a comprehensive list of the documents required, alternative ways of making the application and state the designated offices as well as any appeals arising from a failed application. The regulations also list the reasons for which an application may be denied to reduce opportunities for abuse and promote transparency and accountability. Finally, the procedures put in place should ensure that they make identification systems accessible to all citizens regardless of their level of digital literacy and access to technology.
The enrolment process of minors in Clause 12 should also be better elaborated. Minors should ideally be enrolled into NIIMS under the process of birth registration. Further regulations should be made on comprehensively protecting children’s data, taking cognizance of children’s evolving capacity as well as their transient nature.
Finally, Clause 18 should envision other bases that government agencies may want to access to NIIMS other than for authentication. Linkage to NIIMS should be assessed on a case by case basis in order to achieve the principle of limitation – data should not be processed for any purpose beyond what it is collected or needed for.[4] These purposes should be clearly outlined as government agencies will be acting as data processors.
Conclusion
The new legal framework should take into account the rights users should have and the duties owed by the civil registries. It should also incorporate constitutional principles of independence, transparency and accountability in the governance of this new system. In sum, if all these ingredients are met, then they can assist in building trust in the new identification system.
[1] Nubian Rights Forum & 2 others v Attorney General & 9 others (Interested Parties) [2020] eKLR, para 1047
[2] Nubian Rights Forum & 2 others v Attorney General & 9 others (Interested Parties) [2020] eKLR, para 1044 – 1045.
[3] Principles on Identification for Sustainable Development: Toward the Digital Age, World Bank Group and Center for Global Development, 2017, p 8-10
[4] Section 25(c), The Data Protection Act, Kenya, 2019