Communication Authority Statement on New SIM Registration and Data Collection
Communication Authority clarification statement on New SIM Registration and DNA data Collection
The Communications Authority of Kenya (CA) has noted the concerns and media commentary regarding the collection of biometric data during registration of new mobile lines as provided for in the revised SIM card regulations. These concerns are unfounded.
For the avoidance of doubt CA has NOT issued any directives for the collection of biometric data by our licensees.
Further we would like to make the following clarifications.
Intent
Published in May 2025, the new rules were developed to:
i. Protect citizens from SIM card-related fraud and other criminal activities, including identity theft, SIM box fraud, and scams. ii. Strengthen the integrity of telecommunications services, ensuring that every registered line belongs to a person, thus improving trust in Kenya’s digital space. iii. Support secure access to digital services such as mobile money, e-government and e-commerce.
Biometric Data concerns
The New Sim Card Regulations do not contain any provision for the collection of biometric data. The regulations define biometric data as personal data derived from specific technical processing based on physical, physiological, or behavioural characteristics, including blood typing, DNA analysis, fingerprints, earlobe geometry, retinal scans, and voice recognition.
This definition does not mean that all this information will be collected from subscribers during SIM card registration.
As a matter of fact, the Authority has not directed our licensees to collect this data.
Privacy and Security Concerns
The New Sim Card Regulations impose stringent security and confidentiality obligations on telecommunications operators. All subscriber data is to be handled, processed and protected in compliance with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019.
Accordingly, operators are prohibited from sharing subscriber data without their consent or a lawful order. CA and the ODPC will provide strict oversight including regular audits and issue strong penalties for abuse or misuse of customer data.
Concerns Around Service Suspension and Consumer Rights
The revised Regulations allow operators to suspend SIM cards where subscribers provide false information or repeatedly ignore registration requirements.
The regulations make it clear that no subscriber can be disconnected without prior notice. Operators are required to institute clear, fair, and transparent procedures for all dealings with consumers.
Response to Everyday Consumer Pain Points
We have also noted consumer frustration over spam messages, unsolicited subscriptions, unauthorized use of phone numbers and unauthorized premium services.
These concerns are a priority for the Authority, and the improved SIM card registration processes are part of the larger strategy to safeguard consumer interests and welfare across all networks.
Supporting Innovation in Data Privacy
With the rise of digital services, including e-commerce, privacy features such as number masking on mobile payment platforms are important for digital trust and consumer protection. The Authority reiterates its support for innovations that uphold privacy and undertakes to roll out privacy-enhancing features consistent with the law in partnership with industry stakeholders.