The Communications Authority of Kenya (CA) is proposing changes to SIM-card registration rules that could fundamentally reshape how personal data is collected and raise big red flags around privacy.
Under the newly issued Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2025, telecom users may soon be required to submit some of their most sensitive biological data when registering new SIM cards.
This includes DNA analysis, blood type, retinal scans, earlobe geometry, and more, according to the draft rules, as reported by Business Daily.
The CA’s demand for expanded personal data goes well beyond traditional identifiers like names, ID numbers, and birth dates.
Critics argue that the obligation to collect such highly sensitive biometric and physiological information exposes subscribers to serious risks, particularly in a context where telecom companies may not be fully equipped to secure or manage this level of data.
“It is a big risk to spread such sensitive data to more hands,” said tech analyst Phil Emorang as reported by the local daily.
While the regulations do mandate that telecom operators take steps to protect this data under the Data Protection Act, questions remain about how realistic and enforceable those protections are.
The rules go further, requiring operators to compile detailed biometrics databases and provide the CA with access regularly.
Service providers, including Safaricom, will be expected to submit subscriber biometric records to the CA every quarter, giving the regulator broad visibility into personal identity data.
Also Read: Communications Authority extends SIM card registration deadline to October
Critics say that this effectively outsources identity-management functions to private companies without offering strong enough safeguards.
This new approach runs into a direct tension with Kenya’s Data Protection Act, which enshrines the principle of data minimization, meaning organizations should only collect data that is necessary and relevant for a specific purpose.
According to the guidance from the Office of the Data Protection Commissioner (ODPC), sensitive personal data, like DNA or biometric information, should only be held under very strict limits, stored for the shortest time necessary, and deleted when no longer needed.
The proposed CA requirements clash with these data protection norms. By forcing telcos to retain detailed biometric data and giving the regulator deep access to these systems, the rules risk undermining user trust and stoking fears of surveillance. Analysts and legal experts worry that few telecom companies have the capacity—whether technical, financial, or institutional—to safely store, protect, and hand over this level of personal data.
The implications of these regulations could ripple well beyond telecoms. Kenya’s fintech, banking, and mobile-money sectors have over the years leaned into trust-driven, privacy-first practices, minimising the amount of customer data they collect, anonymizing user data, and limiting how much personal information is exposed.
益群网:终身分红,逆向推荐,不拉下线,也有钱赚!尖端资源,价值百万,一网打尽,瞬间拥有!多重收益,五五倍增,八级提成,后劲无穷!网址:1199.pw
Потребность в изготовлении дубликатов регистрационных знаков может возникнуть у любого автовладельца https://dima-sychev.ru/the_articles/gos-nomer-s-vydavlennym-flagom-i-zhirnym-shriftom-polnyy-gid-i-aktualnye-standarty.html. Существует несколько распространенных ситуаций, когда эта услуга становится просто незаменимой.