Kenya is facing a major public debate after a new draft regulation by the Communications Authority (CA) proposed that network operators collect extensive biometric and biological information from citizens seeking to register SIM cards.
According to the draft, applicants would not only submit common identification details such as a national ID, full name and physical address, but may also be required to provide extremely sensitive data including DNA, blood type, retinal scans and even earlobe structure.
The proposal has triggered widespread concern among Kenyans, digital rights advocates and legal experts who believe the requirement goes far beyond what is necessary for subscriber verification.
Across Africa, a number of countries like Rwanda and Mozambique have embraced biometrics for SIM registration but these typically involve fingerprints or facial recognition for authentication.
However, Kenya’s proposal appears to venture further into human biological profiling which raises questions around ethics, legality, proportionality and data governance.
READ: IEBC Introduces Controversial Iris Scans in Kenya Voter Registration
The draft further suggests that telecom operators maintain subscriber biometric databases and provide regular updates to the regulator, placing a heavy compliance responsibility on private companies that traditionally do not handle such levels of personal biological data.
CA believes that advanced biometric profiling would help strengthen national security by preventing SIM related fraud, terrorism facilitation, identity theft and anonymous cybercrime.
It argues that strong biometric mapping could finally eliminate loopholes exploited by criminals who register SIMs using forged or borrowed credentials.
However, critics insist that national security objectives must respect privacy rights and must also comply with Kenya’s Data Protection Act, which requires that personal information collected be relevant, necessary and safeguarded through strict controls.
Heavy concerns have also been raised about the ability of telecom companies to store deeply sensitive biological information securely. Kenya has experienced several large scale data breaches in recent years affecting various government and private databases.
Critics caution that storing such intimate biological identifiers would expose citizens to irreversible harm should that information leak or be misused. Unlike passwords or ID numbers, DNA and retinal patterns cannot be changed once compromised.
The proposal also opens questions regarding data ownership and state authority. Citizens and oversight institutions and civil society now want clarity on who would store the information, how long it would remain stored, who would have lawful access, how consent would be obtained and how deletion requests would be handled.
