BY SAM ALFAN.
The Huduma number program has been thrown into disarray after it’s rollout was declared illegal.
High Court Judge Jairus Ngaah held that the state failed to comply with the constitution during the role out.
The state failed to ensure that the bill of rights including the right to privacy was respected and protected during the processing and roll out of the cards.
“”The order of is hereby issued quashing the respondents’ decision of November 18, 2020 to roll out Huduma Cards for being ultra vires section 31 of the Data Protection Act, 2019″, Judge Ngaah declared.
The Judge ordered the state to conduct a data protection impact assessment in accordance with section 31 of the data protection act before processing of data.
“An order is hereby issued compelling the respondents to conduct a data protection impact assessment in accordance with section 31 of the Data Protection Act, 2019 before processing of data and rolling out of the Huduma Cards”, Judge Ngaah compelled government.
The Judge also ordered the state to conduct a data protection impact assessment in accordance with section 31 of the data protection act before processing of data.
The suit which had been filed by Katiba Institute and Yash Pal Ghai was against ICT CS Joe Mucheru, Interior CS Fred Matiangi and the Attorney General.
In the Judgment, Justice Ngaah noted that the state had not appreciated the import and extent of the data protection act with respect to the data collected under National Integrated Identity Management System- NIIMS.
“If they did, they would have given effect to section 31 of the data protection act and conducted a data impact assessment before processing personal data and rolling out the huduma cards,” the Judge said.
The Judge also noted that NIIMS which the state used to collect data relied on section 9(a) of the registration of Persons act which in turn came about as a result of the miscellaneous amendment act no.19 of 2018.
According to the Judge, the said miscellaneous amendment act no.19 of 2018 was nullified by a three Judge bench among other laws that were purportedly enacted by the national assembly without any involvement of the senate.
“It is the individual constitutional rights and basic rights that were under threat by exercise of the state in collecting and processing data without a legal framework to ensure that even as it embraces a new system of identification, the right to privacy is protected,” he said.
“I will stand with the individual against the might of the state and hold that fairness is in interpretation of section 31 as being retrospective in its application. I am satisfied that the applicant has made out a case against the respondents,” he ruled.
The lobby group through lawyer Dudley Ochiel had argued the roll-out of Huduma Namba cards lacked guarantees of theft or misuse of Kenyans’ personal information.
According to the lobby group the State failed to subject the fresh registration of Kenyans to data protection impact assessment (DPIA) — a requirement under the law.
“The Respondent’s omission to conduct the data protection impact assessment in this case is not only ultra vires the Act, but also threatens the right to privacy under Article 31 of the Constitution,” they argued.
It was their contention that the nature of the data collected is such that there exists a tangible risk that subjects may be discriminated against on various bases in contravention of Articles 10 and 27 of the Constitution.