[ad_1]
People in Kenya have both the right to mobile
telecommunications and to privacy — prominent
telecommunications provider Safaricom must delete all
biometric data collected via its dangerous, manipulative
data-harvesting SIM registration process. Read Access
Now’s open
letter to the company.
“Safaricom
demanding excessive personal information — including
private biometric data — for people to use its services is
nothing less than unconscionable,” said Jaimee
Kokonya, Africa Campaigner at Access Now. “As one
of the nation’s leading internet providers, the company
wields the power to control the communication of millions of
people, and must put human rights above all. Safaricom
should be setting the privacy gold standard, not dragging
the industry through the mud.”
In November 2021,
Safaricom began sending messages
to people subscribed to mobile services informing them they
were required to update their SIM card registration details
by bringing their identification documents to outlets. Under
the threat of disconnecting those who did not comply, this
directive included a demand for invasive facial biometrics.
The company alleged
this requirement was in line with new
regulations from the Communications Authority of Kenya (CA)
— it was not, and the collection of this data is
illegal.
“When we see private companies
manipulate laws and regulations with unclear motives,
governments must intervene,” said Bridget Andere,
Africa Policy Analyst at Access Now. “Safaricom
must be held responsible for its illegal acquisition of
private information — information it now controls, and is
ripe for exploitation and manipulation.”
Tech
companies are not acting alone in this breach of rights. The
Communications Authority originally
directed the collection of biometrics, but rectified
its wrongful interpretation of the law. SIM card
registration in Kenya has been regulated by law since 2015,
and only requires operators to collect basic information
such as names, dates of birth, addresses, and copies of
identification documents. There is no mention of biometric
data within the legal frameworks.
The SIM registration
deadline passed on October 15, 2022, and
Safaricom has restricted the accounts of some who did not
supply extra personal data. Prior to this, Safaricom updated
its requirements, striking off biometrics. The company is,
however, still requesting their subscribers provide data not
required by law.
Safaricom has provided no guidance on
remedies for subscribers whose data was collected as a
result of their misrepresentation of the law. This speaks to
an alarming
trend in the company’s data
practices.
Safaricom has a responsibility to protect
people’s privacy and uphold human rights. All breaches of
privacy laws and the company’s human rights obligations
must be rectified immediately. Access Now
recommends:
- Deleting all facial biometrics data
collected illegally during the SIM re-registration exercise
carried out between August 2021 and April 2022, and notify
affected subscribers that their data has been deleted;
and - Commissioning, and publishing, independent
transparency reporting on the Data Protection Impact
Assessment carried out prior to the collection of facial
biometrics.
Read the open
letter.
© Scoop Media
[ad_2]
Source link