Data protection for civil registries is non-negotiable

Data when followed with sensible regulation can
Data when followed with sensible regulation can allow innovation in public service provision to rival magic. FILE PHOTO | NMG 

On July 31, I had the unenviable honor of attending a public participation forum on the newly proposed Huduma Bill 2019. Like most important forums, it was scantily attended.

Jaded officers from the Ministry of Interior listened to civil society representatives outlining rather obvious shortcomings in drafting of the bill in question, as well as glaring potential for human rights violations.

As is usually the case, the folks on the high table were rather bored until it came their turn to speak – and mine to leave. A representative of the principal secretary made an interesting, if somewhat shortsighted comment along the lines of “data is the new oil,” implying the government was keen on mining it for some yet unclarified gain.

Let us give the said gentleman the benefit of doubt – Kenya just started exporting oil, and we are barely getting started on robust data protection, so he might not have a lot of information on the richness of the irony he revealed.

Let us further say that such pronunciations are commonplace in some quarters – usually in quarters that don’t think critically about these issues, or those that fail to appreciate the magnitude of data in the information age.


Data is not the new oil, especially not biometric data. While there is indeed potential for governments to mine data and sell data to corporations, the analogy fails when stretched to its logical conclusion.

Questions on user privacy, consent on third party access, and proportionality of the data collected to its use are nontrivial ones.

Like oil, personal biometric data cannot be replaced in the event that such information gets into the wrong hands.

We cannot change our fingerprints like we can user names, retinas are not cheap to come by like a new Facebook password is.

If the metaphor of data and oil holds, it only approximates the potential for disaster that accompanies lax regulation – oil spills and data leaks are alike in this sense.

Here’s an olive branch – aggregating data for over 40 million Kenyans when done right has the potential for massive socioeconomic impact.

Digital identity databases could be designed for scalability and multiple use cases – healthcare providers could conduct longitudinal studies on illnesses and design public health responses from datasets that are representative of the population, financial inclusion initiatives can benefit from identifying and reaching far flung rural communities, and biometrics allow for deduplication that could send ghost workers packing.

Data when followed with sensible regulation can allow innovation in public service provision to rival magic. As the home of mobile cash transfers, our comfort and ease with digital technologies position Kenya to leapfrog the information age into the data age.

That these debates occur within the context of the new Huduma Bill, as well as a proposed Data Protection Bill is evidence of the serendipitous relationship between the two parallel efforts.

Whatever justification the government eventually comes up with in support of the Huduma process, it must not be construed to assume the State has unbridled right to citizens’ information.

The writer is a digital identity analyst, Omidyar Network.