By:Hertha Ekandjo
The legality of telecommunication giant MTC collecting biometric data from citizens who are registering their sim cards has been called into question.
The company has been collecting biometric data and taking pictures of customers registering their sim cards since the campaign kick off last year.
The Institute for Public Policy Research (IPPR) on Monday came out against MTC taking fingerprints and pictures of its clients who turn up for sim card registration.
lawyer Jerhome Tjizo also echoed the same sentiment yesterday, saying the taking of fingerprints in the absence of a legislative basis is definitely open to a legal challenge at some point in the future.
“I am sure the Communications Act sets out a specific manner in which sim cards need to be registered by a telecommunications provider,” lawyer opined.
Tjizo said if procedures are not followed and it is challenged at some point in the future there would be a basis for having such fingerprints taken being thrown out as evidence by a court of law because it could have been taken in contravention of behavioral legislation.
What is essential, he said, is that the legislative basis framework needs to be put in before a communications provider starts taking fingerprints from citizens because it would easily be interpreted as a violation of the right to privacy, among others.
“It is currently ongoing but if it is taken on review or challenged by somebody there is definitely an argument that can be made out that it was done in contravention of existing legislation and therefore null and void,” Tjizoexplained.
According to him, what MTC is busy with can be labeled as unethical as it is not in compliance with the existing legislation.
IPPR senior researcher Frederico Links said MTC has been scanning fingerprints and taking face photos while the legal framework only requires basic information for sim registration.
“The regulations for part 6 of chapter 5 of the Communications Act of 2009, as well as the further conditions on telecommunications licensees, require operators to collect basic information such as names, dates of birth, addresses, and copies of identification documents to register a SIM card. There is no mention of biometric information is legally required or necessary for SIM card registration,” Links pointed out.
The researcher noted he received a number of queries through various channels from emails to phone calls and SMSs from associates and members of the public who expressed concern and discomfort that they are required to hand over biometric data in order to register their sim cards.
From the beginning of October 2022, Namibians were called on to voluntarily register their sim cards during a three-month window period so that by the time mandatory sim card registration was to be implemented, from 1 January through to 31 December 2023, they were already in compliant with the law.
Links said here concerns have been raised with the management of both the Communications Regulatory Authority of Namibia (CRAN) and MTC.
“Specifically, the CRAN management was asked what the regulator’s position was on the harvesting of facial and fingerprint biometric data by telecom companies for the purpose of registering subscribers in the absence of legislated data protection safeguards. MTC Namibia was asked on what legal basis it was collecting facial and fingerprint biometric data in order to register customers,” Links said.
On 9 January 2023, CRAN responded: “Operators are required to only collect customer identification information as stipulated in the regulations and conditions. Kindly contact Mobile Telecommunications Limited for their consideration and possible response to [your other questions].”
Links pointed out that CRAN had also sent a complaint form a few days earlier, encouraging him to file a complaint for adjudication, if that was what was desired to address the matter.
“In mid-December 2022, MTC Namibia’s Tim Ekandjo had indicated that this writer would receive a response to the questions sent to the state-owned telecoms firm on Wednesday, 21 December 2022. When contacted again in early January 2023 for a response, Ekandjo did not commit to responding to the questions or the issues as sketched in the article that was published,” he said.
He expressed concern about a regulator being silent or complicit in the face of legally questionable or unlawful biometric data collection practices by a telecommunications company is not only a concern in Namibia but across the African continent.
When The Villager reached out to MTC’s corporate communication manager, John Ekongo, he said that they are aware of the IPPR complaint and still have to respond to it.
“We are aware of what the IPPR report but in due time we will comment, but at this point in time I cannot comment,” Ekongo responded.