This article was originally published in Issue 3 of Southern Africa Digital Rights, an online publication produced under the project "The African Declaration on Internet Rights and Freedoms: Fostering a human rights-centred approach to privacy, data protection and access to the internet in Southern Africa".
The Kingdom of Eswatini has been striving to catch up with its Southern African counterparts in information and communication technology (ICT) development. Until 2017, citizens in this small kingdom had only one mobile phone operator, MTN Eswatini, which had maintained a monopoly in the mobile telephony sector since 1998. The Eswatini Posts and Telecommunications Corporation (EPTC), previously a service provider and regulator, underwent a transformation following the amendment of its establishing act. Subsequently, the regulatory role shifted to the Eswatini Communications Commission (ESCCOM), established in 2013 under the Swaziland Communications Act of 2013. [1] Operating under the Ministry of Information Communication and Technology, this commission oversees all ICT-related laws, including the Swaziland Communications Commission Act of 2013, [2] Electronic Communications Act of 2022, [3] Electronic Communications Transactions Act of 2022, [4] Computer Crime and Cybercrime Act of 2022, [5] and the Data Protection Act of 2022. [6]
Eswatini is still very much a novice in the area of regulation of the ICT sector. It is within this legal framework that biometrics and digital systems are regulated. Rollout of most these systems, however, started before comprehensive legal and policy frameworks were put in place. These systems are being implemented in SIM card registrations, voter registration and verification, civil registration, financial services accessibility and inclusion.
SIM card registration
In 2016, exercising the Swaziland Communications Commission Act, the Minister of ICT published Legal Notice No. 26 of 2016. The scope and object of the regulation was to provide a framework for the registration of all mobile subscribers in Swaziland and the protection of the subscriber information collected. [7] Mobile phone operators were enjoined by these regulations to record and store personal information of existing and new subscribers. This information included, among other things, names, addresses, identity numbers, and facial images for natural persons, encompassing both local citizens and non-Swazi individuals.
According to the Regulation, service providers are required to retain this information for up to five years after the termination of the customer’s contract or the conclusion of service by the provider. [8] Additionally, service providers have an obligation under the Regulation to safeguard subscriber information and prevent unauthorized sharing of this data.
Biometric voter registration
In 2013, during the national elections, the Elections and Boundaries Commission (EBC), which is the elections management body in the Kingdom, for the first time, used a Biometric Voter Registration System for the registration of voters. This enabled the EBC to capture photo and fingerprint biometrics of each voter. [9] This same system was also used in the 2018 elections.
National identification card
In 2003, the Kingdom initiated the National Identification Card, which includes the owner’s facial identity, full names, date of birth, chief code, and Personal Identity Number (PIN), among other details. This information is centrally stored by the Ministry of Home Affairs. However, despite recent developments allowing service providers like commercial banks to access the civil registry for identity verification, the National ID card does not yet meet the criteria for digital identification. For instance, the facial identity alone does not grant direct access to the PIN or other vital details such as a physical address, and vice versa. This significant biometric disparity highlights that the current form of the national ID is not fully exploitable in line with its potential.
Expanding the scope of the ID card system to encompass broader digital identification could yield both benefits and complications. Enhancements in digital identification might streamline access to services and online transactions, offering convenience. However, this expansion also raises privacy and security concerns, as consolidating extensive personal information in one system could attract malicious attempts to access or misuse such data. Hence, the consideration involves striking a balance between convenience and safeguarding personal information.
More time needed for stakeholder input
A quick scan of the local environment shows that the national government has not started rolling out digital identity in earnest even though there have been significant efforts at putting in place the legislative framework as can be seen in the enactment of the four pieces of legislation in 2022. The legislative process is such that ordinarily, stakeholders and members of the public have an opportunity to make inputs when the law is at Bill stage. The time for that is shortened significantly as the bills were tabled with a certificate of urgency. All four Acts mentioned above were tabled before Parliament with certificates of urgency.
Given their technical nature, it would be expected that they would only attract industry players in the ICT space but even they did not have the sufficient time to make their inputs. There are indications, however, that through the Royal Science and Technology Park (RSTP), initiatives are being conceptualised in this regard and could be rolled out in the not-so-distant future.
Strategies for ICT development
Developments in the area of biometrics and digital identity find expression in the country’s national development strategies on ICT. For instance, the National Information and Communication Infrastructure (NICI) Implementation Plan is aligned with the NICI Policy Vision. This vision aims to utilise ICT infrastructure and solutions to shape a modern Twenty-First Century Kingdom of Eswatini, fostering sustainable socio-economic development, accelerated poverty reduction, and equal opportunities regardless of gender or physical ability. The plan outlines goals across various Priority Areas: Human Resource Capacity, Infrastructure Development, Education, Strategic ICT Leadership, Financial Services Sector, ICT Industry, Legal/Regulatory Frameworks, Environmental Management, and Media. [10]
Another strategy would be the National Cybersecurity Strategy 2022-2027, one of whose goals is to foster a safe and secure information society for Eswatini. [11] The African Union’s (AU’s) Digital Transformation Strategy sees digital IDs as one of the main cross-cutting areas to support the digital ecosystem and as a key mechanism for promoting the UN concept of ‘legal identity for all’ and attaining sustainable development goals (SDGs) and Agenda 2063.
Possible benefits of biometric and digital identification systems
Nothing much is available where government is making a case or justification for deployment of biometric and digital identification systems, however, sectoral interests, particularly the banking sector see huge benefits for the industry as this will form a good basis for Electronic Know Your Customer (e-KYC). For emerging economies like Eswatini, digital identity is seen as capable of unlocking value of up to 6 per cent of the Gross Domestic Product (GDP). This can happen in the following ways:
- Digital ID can improve the efficiency of labour markets as it streamlines verification processes, enhances mobility, reduces paperwork, allows for efficient onboarding and offers better tracking and analysis: high unemployment rate in Eswatini, particularly among the youth.
- Digital ID can boost the productivity of land and agriculture through formalized land ownership: Swazi Nation Land (tribal land) vs Title Deed Land.
- Digital ID can increase access to financial services (financial inclusion). [12]
- Digital ID can help government gain revenue through the elimination of ghost workers and social security consolidation which could facilitate a more seamless process in Government to Person Payments (G2P).
Other sectors that would benefit from the full deployment of these systems are the revenue collection authority and security and law-enforcement.
Conclusion
Given the infancy level of the deployment of these systems in Eswatini, there is still little to no discourse on these issues. As with most technical pieces of legislation, debates usually start once enforcement begins and the full effect of the law is laid bare. Passing the laws on an urgent basis contributed immensely to the absence of consultation and public debate. If the experiences of most African countries who are deploying these systems at full throttle is to be referenced, threats to such freedoms as association and expression are real, especially given that politically, a lot remains tentative in the country given the tensions. It does not help that the Kingdom generally does not have a good human rights record.
Although these advancements could offer significant societal benefits, it’s crucial for civil society to remain vigilant and well-informed about their potential impact on human rights. Civil society needs to continuously monitor legislative and policy reform and learn from peers from the region and beyond. It must continue contesting the space for consultation, put in place robust advocacy strategies that are informed and raise public awareness. Human rights should not be sacrificed the altar of efficiency. In a context of already shrinking civil society space, there is need to guard against further curtailment of the enjoyment of rights. In addition to the regional, continental and international human rights obligations, Eswatini is enjoined to protect the constitutionally guaranteed rights to freedom of expression, to privacy, expression and association, among others. [13]
Notes:
1. https://www.dataguidance.com/sites/default/files/the_swaziland_communications_commission_act_2013.pdf
2. https://www.esccom.org.sz/legislation/SwazilandCommunicationsCommissionAct.pdf
3. https://www.esccom.org.sz/legislation/SwazilandElectronicCommunicationsAct.pdf
4. https://www.esccom.org.sz/legislation/ELECTRONIC%20COMMUNICATIONS%20TRANSACTIONS%20ACT.pdf
5. https://www.esccom.org.sz/legislation/COMPUTER%20CRIME%20&%20CYBERCRIME%20ACT.pdf
6. https://www.esccom.org.sz/legislation/DATA%20PROTECTION%20ACT.pdf
7. https://www.esccom.org.sz/regulations/The-Electronic-CommunicationsSubscriber-Registration-Regulations2016.pdf
8. Regulation 10(2), page 18: https://www.esccom.org.sz/regulations/The-Electronic-CommunicationsSubscriber-Registration-Regulations2016.pdf
9. https://www.idea.int/answer/ans738857696091
10. https://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Eswatini%20NCS%202020.pdf
11. https://www.gov.sz/images/ICTDOCUMENTS/Eswatini-National-Cybersecurity-Strategy-2022-2027.pdf
12. https://digitalfrontiersinstitute.org/wp-content/uploads/2020/11/DID-Week-2020-Final-Summary-16-11-2020.pdf
13. Swaziland Constitution Act 1 of 2005.