Last week the African Union Commission (AUC) held a public consultation forum to receive submissions from stakeholders on the draft African Union Digital ID Framework. Presently, verifying identities issued in one AU member state in other states, whether online or in person, is difficult, reducing access to public and private services while limiting the continent’s potential for economic development.
The framework developed with the support of different partners such as the German development agency GIZ, the World Bank, Smart Africa and UNECA, aims to strengthen trust and interoperability between foundational identification systems of AU Members by developing an Interoperable Digital Credential (IDC). The IDC does not replace IDs issued at national level but allows member states to designate foundational data that will be used to create the IDC. The framework proposes different models of the IDC such as Digitally signed credentials or digital wallets aimed at empowering people to have control over their personal data, including the ability to selectively disclose only those attributes that are required for a particular transaction.
The development of the IDC is geared to achieving the AU Agenda 2063 to unify Africa and have transformed economies. Tunde Fafunwa, the lead advisor at the United Nations Economic Commission for Africa states,
“ Now is the right time, before countries have fully adopted a standard or rolled out an ID system, to understand the implications and align themselves more closely with The Pan African Trust Framework and the principles of interoperability.”
This comes at a time when the European Union is also unveiling plans to launch digital wallets that allow digital authentication of identity, reducing fraud, and bringing services closer to residents. Spain and Germany are also testing a crossborder digital ID.
To begin with, digital ID systems are prone to cyber risks. In Estonia a hacker was able to exploit vulnerabilities in a government database and obtain personal photos, names and ID codes of over 280,000 estonians. The cybersecurity capacity of AU member states is worrying. For example, in October 2020, a hack compromising Uganda’s mobile money network resulted in a financial crisis and temporary suspension of mobile money services.Similarly, South Africa’s second largest hospital suffered a cyber attack that affected the hospital's operations during the Covid 19 Pandemic. Signe argues that Africa needs to improve institutional and co-ordinated mechanisms to mitigate cybersecurity threats.
Coupled with cybersecurity concerns are concerns with data protection among African states. To date only 8 out of 55 African states have ratified the AU Convention on Data Protection and Cyber Security. While plans are underway by the AU to develop a continental data policy framework, more steps need to be taken to realize data protection. Research across the continent proves that beyond regulation, Africa should focus on implementation and capacitation of authorities as countries may enact legislation but lack political will to implement it. An example of such asymmetry between legislation and practice is seen in Togo. AFDEC reports that while Togo has ratified the Malabo convention and enacted a data privacy law, the interest is geared to aligning state policies with global practices and not necessarily safeguarding digital rights of citizens.
As extensively discussed during the consultative meeting, the draft framework presently relies on foundational data provided by member states. This includes data from civil registries, population registers etc. Research across Africa in countries like Kenya and Uganda, shows that existing identity systems exclude minority communities who will be further excluded by the proposed digital ID framework. There is thus a need to; learn from challenges in implementing digital ID systems and regulation like Aadhar in India, Nigeria and Huduma Namba in Kenya.
According to the framework implementation roadmap developed by the AUC, the digital framework ought to be adopted by AU Policy Organs, the STC-CICT and AU executive Council by 2021. The overall implementation of the framework is set to begin by 2023. Given the gravity of the concerns raised by the framework, it would be wise for the AUC to extend the period for this roadmap.
Following the engagement the Lawyers Hub submitted a 10 point memorandum to the AUC making recommendations to improve the framework. While it is not clear if there would be follow up engagement with the AUC at this time, we can all prepare to engage with our national authorities when they consider the framework at national level.