It is interesting to observe that MTN is re-branding to become a
data/technology company  - full details are unclear, but it maybe
something that other telecommunications companies in Africa may also do.
Anti-trust regulations have had an interesting history in the USA, for
example [1] and [2].

[1] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp.
[2] https://en.wikipedia.org/wiki/Breakup_of_the_Bell_System
On 3/16/22 11:25 PM, kanini mutemi via KICTANet wrote:
> @Mwendwa Kivuva <mailto:Lordmwesh@gmail.com> Let us not conflate issues.
> ALWAYS treat mobile banking (and banking in general) quite separate from
> other services offered by MNOs. A practical problem- @James Mbugua was
> right on data minimization (I would add necessity as well) disqualifying
> the current directive by CA. If you speak of harmonization of
> regulations, you can no longer rely on minimization and necessity
> because a need (banking) has been created. While all these things begin
> with a SIM Card registration, MPESA requires a further positive step of
> registration. At that point, we can safely speak of harmonization and
> requiring more information to prevent financial crimes etc. Different
> products, different markets.
>
> Are we sure CA is the source of the photos directive? (Kindly share the
> directive if you have access to it). The Regulations only allow this
> information to be collected during SIM Card registration-
>
> 5 (1) A person who intends to register a SIM-card shall provide the
> following particulars to the telecommunications operator or agent—
>
> (a)   
>
> full names;
>
> (b)   
>
> identity card, service card, passport or alien card number;
>
> (c)   
>
> date of birth;
>
> (d)   
>
> gender;
>
> (e)   
>
> physical address;
>
> (f)   
>
> postal address, where available;
>
> (g)   
>
> any other registered subscriber number associated with the subscriber;
>
> (h)   
>
> an original and a copy of the national identity card, service card,
> passport or alien card;
>
> (i)   
>
> an original and a copy of the birth certificate, in respect of
> registration of minors;
>
> (j)   
>
> subscriber number in respect to existing subscribers;
>
> (k)   
>
> an original and true copy of the certificate of registration, where
> relevant;
>
> (l)   
>
> a letter duly sealed by the chief executive officer or the person
> responsible for the day to day management of the statutory body.
>
>
> (while your ID would normally have a photo- it is vastly different from
> a digital photo which can become part of a biometric register).
>
>
> I cannot insist on this enough, a SIM Card registration is not the same
> thing as MPESA (or other mobile money platform registration). The
> requirements for SIM Card registration have to remain as basal as possible.
>
>
> On Wed, Mar 16, 2022 at 9:33 PM Mwendwa Kivuva via KICTANet
> <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>>
> wrote:
>
>     Since SIM card data is used by a large section of the population for
>     mobile banking (Safaricom has 30 million mobile money customers) -
>     and banking regulations require a photo ID, should the regulation be
>     harmonised for all mobile money customers to provide their photo ID?
>
>     KICTANet had a Thought Leadership Forum with the ODPC, and the
>     question of DPIA came up. I can't remember the response. The
>     recording of the forum is available here
>     https://youtu.be/Rmdvoc8Valo <https://youtu.be/Rmdvoc8Valo>
>
>     On Wed, 16 Mar 2022, 16:04 James Mbugua via KICTANet,
>     <kictanet@lists.kictanet.or.ke
>     <mailto:kictanet@lists.kictanet.or.ke>> wrote:
>
>         Listers,
>
>         I am not sure if I am being paranoid but the SIM card
>         re-registration order ostensibly by CA (Communications
>         Authority) and which has mobile operators asking us to
>         te-register our SIM cards by April or risk being deregistered,
>         seems like regulatory overreach.
>
>         CA says under the SIM Registrations regulations of 2015, MNOs
>         are required to update their registers with details including ID
>         documents and photo IDs. The reason given, ostensibly, is that
>         many had their SIM details registered before that law came into
>         place.
>
>         Speaking of laws coming into operation, the Data Protection Act,
>         itself came into effect in 2019. Significantly long after the
>         said regulations.
>
>         In seeking to protect privacy and personal data, the DPA
>         requires Data Minimisation where personal data collected should be:
>         "adequate, relevant and limited to what is necessary in relation
>         to the purposes for which they are processed (‘data
>         minimisation’);" Sec. 25(d) DPA, 2019
>
>         This means that data that the controller does not really need to
>         achieve a specific purpose, should not be collected.
>
>         Biometric information such as Passport Photos that the Operators
>         will take and store,for example, are in my opinion, surplus to
>         requirements.
>
>         The identification of the subscriber can be done without
>         collection of intrusive biometric data for example by using
>         national IDs. CA explicitly asks that the operators verify
>         details with the Integrated Personnel Registry System. so
>         collection of biometric data to me is disproportionate and
>         cannot meet the threshold of lawful basis.
>
>         Being the later law, and by the Huduma Number case precedent,
>         the data minimisation provisions of the DPA, 2019 in my opinion
>         hold primacy and in fact impliedly, repeal or render unlawful,
>         the requirements for photo taking for SIM registration in the
>         2015 regulations.
>
>         2. Data Protection Impact Assessment.
>
>         Another question I would have for the CA, the Data Commissioner
>         and mobile operators, is if, as per the precedent sent by
>         Justice Ngaah in the Katiba Institute v. MoICT & others
>         regarding the need for the conduct of a Data Processing Impact
>         Assessment, has been carried out in this instance when CA
>         proposes to have collected the data of more than 30 million
>         subscribers including biometric data.
>
>         I think this is a plain case of flouting judicial guidance viz a
>         viz when DPIAs should be carried out and CA should have had this
>         carried out first before issuing the said directive.
>
>         Regards,
>
>         James G. Mbugua
>         Data Privacy Consultant & Tech Policy Blogger
>         @jgmbugua <mailto:jgmbugua@gmail.com>
>
>
>
>         _______________________________________________
>         KICTANet mailing list
>         KICTANet@lists.kictanet.or.ke <mailto:KICTANet@lists.kictanet.or.ke>
>         https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>         <https://lists.kictanet.or.ke/mailman/listinfo/kictanet>
>         Twitter: http://twitter.com/kictanet <http://twitter.com/kictanet>
>         Facebook: https://www.facebook.com/KICTANet/
>         <https://www.facebook.com/KICTANet/>
>
>         Unsubscribe or change your options at
>         https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com
>         <https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com>
>
>
>         KICTANet is a multi-stakeholder Think Tank for people and
>         institutions interested and involved in ICT policy and
>         regulation. KICTANet is a catalyst for reform in the Information
>         and Communication Technology sector. Its work is guided by four
>         pillars of Policy Advocacy, Capacity Building, Research, and
>         Stakeholder Engagement.
>
>         KICTANetiquette : Adhere to the same standards of acceptable
>         behaviors online that you follow in real life: respect people's
>         times and bandwidth, share knowledge, don't flame or abuse or
>         personalize, respect privacy, do not spam, do not market your
>         wares or qualifications.
>
>         KICTANet - The Power of Communities, is Kenya's premier ICT
>         policy engagement platform.
>
>     _______________________________________________
>     KICTANet mailing list
>     KICTANet@lists.kictanet.or.ke <mailto:KICTANet@lists.kictanet.or.ke>
>     https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>     <https://lists.kictanet.or.ke/mailman/listinfo/kictanet>
>     Twitter: http://twitter.com/kictanet <http://twitter.com/kictanet>
>     Facebook: https://www.facebook.com/KICTANet/
>     <https://www.facebook.com/KICTANet/>
>
>     Unsubscribe or change your options at
>     https://lists.kictanet.or.ke/mailman/options/kictanet/kaninimutemi%40gmail.com
>     <https://lists.kictanet.or.ke/mailman/options/kictanet/kaninimutemi%40gmail.com>
>
>
>     KICTANet is a multi-stakeholder Think Tank for people and
>     institutions interested and involved in ICT policy and regulation.
>     KICTANet is a catalyst for reform in the Information and
>     Communication Technology sector. Its work is guided by four pillars
>     of Policy Advocacy, Capacity Building, Research, and Stakeholder
>     Engagement.
>
>     KICTANetiquette : Adhere to the same standards of acceptable
>     behaviors online that you follow in real life: respect people's
>     times and bandwidth, share knowledge, don't flame or abuse or
>     personalize, respect privacy, do not spam, do not market your wares
>     or qualifications.
>
>     KICTANet - The Power of Communities, is Kenya's premier ICT policy
>     engagement platform.
>
>
>
> --
> *Mercy Mutemi, Advocate*.
>
> */
> /*
>
>
> _______________________________________________
> KICTANet mailing list
> KICTANet@lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/benson_muite%40emailplus.org
>
>
> KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>
> KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
>


_______________________________________________
KICTANet mailing list
KICTANet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com


KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.