Back to the Drawing Board: How Data Protection Impact Assessment Discourse Is Shaping Maisha Namba Project in Kenya

A New Digital ID Project

Digital IDs are touted in the African Union Digital Transformation Strategy 2020-2030 as a tool for development. However, the roll-out and implementation of digital identity (Digital ID) initiatives are still a hot potato in some African States. Take Kenya, for instance, where there seems to be no end to the debates surrounding digital ID project implementation.

From 30^th June 2023, the Government of Kenya had plans to roll out a digital ID project dubbed Maisha Namba project that has interconnected elements of Maisha Namba, Maisha Card replacing the second generation IDs, Digital ID linked to the Maisha Card, and a National Population Register that amalgamates government databases into a single register to be realized through an integrated population registration system and national integrated identity management system.

Then, on 14^th August 2023, the government signed a memorandum of understanding with the United Nations Development Programme to set the stage for the roll-out of the Maisha Namba project. It was then announced that the initiative would be launched on 29^th September 2023, which was later moved to 2^nd October 2023. With this announcement, the train had left the station, or so it seemed.

Pushback

However, it was not to be a smooth sail. The government’s renewed plan to roll out a digital ID, after a failed first attempt, was met with some voiced and largely uncoordinated opposition from some quarters who were suspicious of the digital ID and launched for various reasons, including:

Maisha Namba‘s initiative is awakening ghosts of the previous administration’s plan to roll out Huduma Namba, which started in 2018, hit multiple political and legal headwinds, and eventually ended in 2021.

There has been an unforeseen and inexplicable change of political heart that saw the political leaders, including President Ruto, who vehemently opposed the launch and roll-out of Huduma Namba, take an unprecedented move to champion the fast-tracking the implementation of the Maisha Namba project.

The government should have developed an enabling law before the initiative was launched.

The initiative was not participatory before its planned launch, thus leading to suspicion of the real dangers of discrimination, exclusion, and inequities.

There also needed to be more transparency on the system design of the digital ID as well as the nature of support that the technical assistance the United Nations Development Programme would provide to Kenya in the roll-out and implementation of the project.

With these, all signs showed that the government had yet to thoroughly learn its lessons from practical and other court experiences from the Nubian Human Rights case, the Katiba Institute case, and the Free Kenya Initiative case. Again, the government’s push for the launch did not consider the mood of the public, who were increasingly getting frustrated with the spiraling cost of living and were more likely to oppose government initiatives bulldozed or deemed to have no immediate impact on putting bread on the table.

Just before the planned launch, scattered pushback mechanisms across Kenya slowly built up, consolidated, and culminated into a massive civic push by civil society organizations in the digital rights space through their Coalition of Civil Society Organizations. Under the umbrella of the Coalition, the CSOs met and deliberated on the digital ID initiative, eventually publishing a press release on the Maisha Namba on 25^th September 2023, barely one week before the planned launch date.

DPIA Concerns

The Coalition’s press release titled ‘Public Participation on Digital Identity’ was a memorandum addressed to the Principal Secretary for the State Department of Immigration and Citizen Services in the Ministry of Interior and National Administration. The press release laid down conditions the government must meet to realize what they term a ‘successful, rights-promoting and anti-discriminatory digital ID system’.

The Coalition specifically questioned why the government was not transparent on whether and, if so, how it conducted a data protection impact assessment (DPIA) in respect of Maisha Namba as required by section 31 of the Data Protection Act (and as interpreted by the various judgments made by the Kenyan courts). Without this information, the Coalition noted, the State could not guarantee a rights-respecting Digital ID that addresses all concerns of discrimination and exclusion amongst the Kenyan communities.

Consequently, the Coalition urged the State to follow the law and the court guidance to ensure an adequate and comprehensive DPIA. It further emphasized that, just as the law provides, DPIA should take place before implementing a digital ID project.

Postponement

The Coalition’s publication was widely circulated through online spaces. It also hit headlines in the mainstream media in Kenya. With this pushback in the full glare of the public, the Ruto administration was convinced that the Maisha Namba launch and, more so, its implementation would face severe legal hurdles and eventually suffer a fate similar to that of Huduma Namba, its infamous predecessor. This realization culminated in a government decision to postpone the launch to a further date to be announced later.

Conclusion

Even though the State attempted to mask the reason for the postponement, it was apparent to any keen observer that the pushback mounted against the backdrop of the lack of DPIA played a crucial role in its decision to postpone the launch. The press release and its impact on the government plan show how DPIA is increasingly playing a vital role in digital governance in Kenya. There is also no doubt that the voices of the Coalition of CSOs on DPIA rested not only on existing law but also on rich jurisprudence developed by Kenyan courts emphasizing the need for comprehensive and adequate DPIA. Some member CSOs, such as the Nubian Rights Forum and Katiba Institute, were part of some of these cases. Moreover, the Coalition’s successful agitation shows the people’s power when they organize and sustain a coordinated pushback around DPIA themes to agitate against initiatives on new and emerging technologies that fail to adopt the rule of law, transparency, and human rights design. This is particularly vital in developing States like Kenya, where competing political and economic interests could dictate a State tends to choose impunity over respect to data protection principles. Even as the government pilots the project, the question of the conduct of a rights-respecting DPIA will undoubtedly continue to linger and affect the design and implementation of this project.

Author

Nelson Otieno

Nelson Otieno Okeyo, a Kenyan Advocate, specializes in data protection law, data justice, and business and human rights. With a focus on compliance, he provides advice to clients in Kenya and beyond. Holding an LL.M. in cybersecurity regulation in EAC, he is currently pursuing a Ph.D. in data protection impact assessments in Africa at the Chair of African Legal Studies at the University of Bayreuth. His research is part of a business and human rights project at the Centre for Human Rights, Friedrich-Alexander-University of Erlangen-Nürnberg. He has undergone certified data protection trainings, research fellowships, and has published legal works on data protection. He also serves as a trainer for the Advanced Human Rights Course in Data Protection in Africa at the Centre for Human Rights, University of Pretoria.

View all posts