| Authority: | ODPC - Kenya |
|---|---|
| Jurisdiction: | Kenya |
| Relevant law: | Section 3 of the DPA,19; Article 31(c) & (d) of the Constitution of Kenya; Section 9 of the Registration of Persons Act; Section 9 of the Fair Administrative Actions Act |
| Type: | Court filing |
| Outcome: | Violation - Injunction |
| Started: | N/A |
| Decided: | 14 October 2021 |
| Published: | N/A |
| Fine: | N/A |
| Parties: | Republic vs. Joe Mucheru, PS & 2 Others |
| Case No.: | Judicial Review Application No. E1138 of 2020 |
| Appeal: | N/A |
| Original Source: | High Court of Kenya |
| Original contributor: | Margaret Odhiambo |
The High Court in Kenya declared that the roll out of the Huduma Card was unconstitutional and ordered that a data protection impact assessment be carried out under the DPA,19 retrospectively.
The suit was filed by Prof. Yash Pal Ghai and Katiba Institute, a civil society organization (the ”Applicants”). The case challenged the rollout of the NIIMs system (Huduma Number) without conducting a data protection impact assessment.
It was alleged by the Applicants that NIIMS had the potential to exclude citizens from accessing public services due to lack of documentation or a birth record. NIIMS could also pose a significant threat to the privacy rights of enrolled citizens, due to the ways in which information would be stored and shared without constraint among government databases, absent of appropriate checks and balances.
Justice Ngaah declared the data collection and roll-out of biometric Huduma cards for the country’s digital ID system, the National Integrated Identity Management System (NIIMS), unconstitutional
He also held that the Data Protection Act of 2019, which was operationalized in 2020, should be applied retroactively to the government’s rollout of NIIMS, which had began in November 2020
This was the first time the court referenced the Data Protection Act, 2019 and applied it retrospectively. The full text of the ruling is provided below.
Share blogs or news articles here!