The Centre for Intellectual Property and Information Technology Law (CIPIT) is a think-tank established under Strathmore Law School. Our work encompasses evidence-based research and training in intellectual property, information technology, and policy, with a particular emphasis on how they contribute to African law and human rights.
Our work also encompasses data protection, digital ID, and inclusion. Based on our research, we believe that good ID should foster transparency, accountability, inclusion, privacy, and security.
All areas of life, including health, education, finance, agriculture, and access to public services, have been transformed by digital technology. As a result, digital ID is critical for navigating and adapting to the changes brought about by digital transformation in various sectors.
Since digital identification has become a daily reality, its impacts on the development of various sectors cannot be overstated. However, the associated difficulties must be addressed as well. The challenges digital ID presents relate to the use of personal data which informs the need to develop digital ID systems that build trust and inclusivity under the backdrop of privacy and security.
Inclusion applies to the legislation, policies, and regulations, as well as their implementation practices. A study, commissioned by CIPIT, and conducted by the African Digital Rights Hub on the inclusion and exclusion of national IDs in West Africa exemplified this. While laws, policies, and regulations promote inclusion for all, the study discovered that their implementation practices are exclusionary. Good ID should therefore promote inclusion for all, equality and nondiscrimination.
Good ID fosters privacy and security. This is guided by legal and technical safeguards that address data protection, privacy, and security, which are all necessary components of a functioning good ID system. The Huduma number case brought into question the system’s design, as well as its operational capabilities for safeguarding the privacy and security of data processed by the system.
Essentially, a good ID system should be governed by a clear and concise data governance framework to ensure privacy and security. The framework should clearly define the roles and responsibilities of those who handle data, the reasons for and scope of data processing, and the relationship between people, processes, and systems in promoting good ID.
Most importantly, since no database is ever 100% secure, a good ID system must have well-considered contingency plans for dealing with data breaches. Such plans should consider the possible harms to all those participating in the ID system, particularly when participation is either compulsory and/or required to access various services.
Additionally, good ID fosters transparency and accountability. Transparency provides a clear picture of the necessity and scope of data processing, as well as the systems used for such processing. Additionally, it is critical in enabling authorization by those who handle data.
Accountability is a result of transparency. As such, good ID entails an understanding of how authorization works, who is responsible for what, and whether those in charge are aware of accountability processes and mechanisms.
A good ID system is built on the principles of privacy and security. To address the challenges associated with the adoption and use of digital ID, laws and policies developed to ensure the viability of a good ID system must be adopted and clearly implemented.