Digitisation of government services and the unique personal identifier
With the digitisation of government services and unique personal identifier (UPI) projects in motion, the Government of Kenya is presented with an opportunity to do things right. As you may recall, in the previous government, Huduma Namba was successfully challenged in court and up to date, E-Citizen is still regulated through a Gazette Notice. The current situation points to a weak regulatory framework.
There have been numerous debates on what the Government can do to ensure that digitisation of government services and the unique personal identifier do not fall at the altar of constitutional principles and fundamental rights and freedoms. I have distilled some of the proposals made by myself and others in the digital economy space. They are in no way exhaustive, but they provide starting points for the Government.
First, we need robust public participation and sensitisation on what digitisation of government services and the UPI mean for mwananchi. This is coupled with the need for extensive digital literacy across the country.
Secondly, the Government should address the issue of access to digital platforms by Kenyans. Cost of internet access and cost of smart devices to access digital services comes into play. Tax laws need to be revised to provide for greater internet access and affordability of smart devices.
Thirdly, historical challenges faced by some communities as they sought to obtain national identity documents must be addressed. An example is the case of the Nubian community. This may be undertaken by revising existing registration of persons laws or coming up with new laws that addressed the historical challenges.
Fourthly, there is need to have statutory regulation of e-government services, for example, through an E-Government Act. Such an Act would provide for among other matters, designation of an e-Government Directorate; standards in provision of e-Government services by all government agencies; procurement of e-government related goods and services; non-state entities access to e-Government platforms; management of e-Government systems within State Agencies; interoperability of e-Government systems among State Agencies; government digital payments; cyber-security principles and procedures; electronic government data management.; budgeting, funding, and reporting on e-Government services. As the Executive operationalises digital services, the Legislature ought to provide robust oversight.
Fifthly, all government agencies/departments must set up privacy and security programmes. Thes includes, sensitisation of all staff on data protection, data governance, and cybersecurity; carrying out privacy, data protection, and cybersecurity audits; drafting data inventories and data maps; appointing data protection and cybersecurity officers; putting in place data protection policies and standards; putting in place cybersecurity policies and standards; putting in place data subject rights management systems; putting in place incident management protocols; reviewing contracts/agreements to ensure compliance with among other laws, the Data Protection Act; carrying out data protection impact assessments where necessary; and carrying out vendor risk assessments.
Apart from the need to comply with statutes such as the Data Protection Act and the Computer Misuse and Cybercrimes Act, the Government needs to be constantly aware of the threats faced by not establishing and running solid privacy and security programmes. The Government must take pre-emptive privacy and security measures. Further, there must be very clear statutory and contractual guidelines where the digitisation of government services and roll out of the UPI involve non-State actors.
When implemented, the above recommendations will ensure that the digitisation and UPI initiatives respect, promote, and protect fundamental rights and freedoms. They will also ensure compliance with basic constitutional principles of inclusivity, accountability, and transparency.