African governments are pushing for digital IDs without informing people of their privacy implications.
Many African countries plan to gradually phase out traditional IDs with digital alternatives. This transition has become commonplace in recent years as governments throughout the continent slowly call for digital identification. Key progress can be seen in Kenya, Ethiopia, Uganda, and Rwanda.
For instance, Kenya is making a second attempt at implementing digital IDs. The KES 10 billion ($66 million according to the current exchange rate) exercise, known as Huduma Namba, was discontinued after the ID system failed to appeal to locals. The second attempt is scheduled to start in a few weeks. While the Kenyan government claims that the digital ID won’t be mandatory, past experiences, especially those related to Huduma Namba, suggest otherwise. However, considering the adoption’s privacy implications, it is important to look into the reasons behind the rush to adopt digital IDs in Africa. It is also unclear to citizens of these countries what digital IDs mean for the people and the government regarding know-your-customer (KYC), financial inclusion, and tax compliance.
Digital IDs could be a privacy headache
While the idea of digital IDs stored in smartphones may initially seem attractive, digital isn’t always superior, especially when systems rely primarily on digital technology. It comes with opportunities and potential problems, especially if the transition is not carefully designed.
Digital IDs could worsen inequalities in Africa. Millions of Africans, especially those in rural communities, lack smartphones. Sub-Saharan Africa is expected to have 689 million smartphone subscriptions by 2028, but in 2022, there were only 415 million subscriptions for a population of 1.18 billion. If digital identification is built into daily activities and processes concerning business and government, people without smartphones would be left behind. Africans must have the right to choose not to use digital IDs, both legally and practically.
A poorly designed digital identity system could become a privacy issue. One key concern about a digital identity system is the potential for centralised tracking. When a government agent examines your traditional non-digital ID, there is no automatic generation, retention, or sharing of a record of that inspection with the associated agency. However, such tracking is possible with digital IDs. Any electronic identity system allowing this type of tracking should be rejected.
Article continues after this ad
There is another privacy concern arising from digital IDs verifiers, such as banks and other organisations that use KYC. Even if data isn’t sent back to the issuer of the ID (the African country the holder hails from), each time someone uses their ID, verifiers have the potential to record and compile information about these interactions. For instance, a group of banks could maintain an electronic log of every instance you use your ID. While they may not observe when you present your digital ID to others, they could track each time you share it with them, their corporate affiliates, or anyone with whom they have a data-sharing arrangement. In the process, these entities can gather a lot of personal information about the ID holder. The digitisation of IDs could make this process more automatic than it is now.
Computer security challenges are harder to fix in the current world. Experts have said that attacking digital systems is often easier than defending them, as seen with leading tech companies and government agencies falling victim to hackers. While this shouldn’t discourage digitisation, it’s key to consider the consequences of successful cyberattacks, including their severity and who bears the burden. Companies sometimes neglect to protect their digital assets, leading to catastrophic customer outcomes. It would be worse if such attacks targeted digital ID systems, especially when African governments have yet to develop robust and formidable digital infrastructure.
Lastly, privacy concerns arise when digital IDs require users to install government-related software on their phones, even if private contractors create these apps. To instil confidence, the source code of these apps should be transparent for public scrutiny, which will ensure they function correctly and securely. However, many private companies (Kenya’s digital ID system may be built by Estonian tech companies) may want to keep their code proprietary, which could lead to users trusting secret government code on their phones, especially if digital IDs are mandatory, which is unacceptable.
Robust systems must be implemented
Granted, a digital ID could enhance privacy by allowing users to selectively share only the necessary information from their identification, such as confirming their age without disclosing their full date of birth or other details. However, knowing what kind of data will be stored in the IDs is a challenge. In a Kenyan context, digital ID items might include health insurance, pension, employment, passport, birth and marriage certificates, among other documents. If data categories expand, it’s unclear whether privacy measures will be implemented immediately and according to new data sets.
Policymakers in African countries considering digital IDs should remember that the documents are important for KYC, fraud reduction and detection, and financial inclusion. Therefore, they should assess the impact of optional or mandatory adoption and consider the ID’s long-term evolution. It is up to them to ensure that strong privacy safeguards are in place since success depends on robust implementation to boost privacy and empower individuals.
Article continues after this ad
Senior Reporter, TechCabal.
Feel free to email kenn[at]bigcabal.com, with your thoughts about this edition of NextWave. Or just click reply to share your thoughts and feedback.