A year after halting Kenya's Huduma Namba, the country's controversial biometric ID scheme, the High Court of Kenya declared that its rollout was illegal and asked the government to conduct a privacy impact assessment. MediaNama has reviewed a copy of the judgement. In Thursday's judgement by Judge Ngaah Jairus of the Kenyan High Court, it said that the digital ID programme was ultra vires to Section 31 of Kenya's Data Protection Act, which mandates that where a 'processing operation is likely to result in high risk to the rights and freedoms of a data subject, the data controller or processor must carry out a Data Protection Impact Assessment'. The respondents, in my humble opinion, have not appreciated the import and the extent of the application of the Data Protection Act, with respect to collection and processing of data collected under the National Integrated Identity Management System. If they did, they would have given effect to section 31 of the Data Protection Act and conducted a data impact assessment before processing personal data and rolling out the Huduma Cards — Justice Ngaah Jarius in the judgement What else does the judgement say? a. The order of certiorari is hereby issued to bring to into this honourable court and quash the respondents’ decision of 18 November 2020 to roll out Huduma Cards for being ultra vires section 31 of the Data Protection Act, 2019. b. The order of mandamus is hereby issued compelling the respondents to conduct a data protection impact assessment in…
