Rédaction Africa Links 24 with Otto Gotlieb
Published on 2024-04-09 17:00:00
The Communications Regulatory Authority of Namibia (Cran) has raised concerns about the Mobile Telecommunications Company (MTC) collecting biometric data from clients during the SIM card registration process, stating that it is a breach of privacy.
In response to a report published by The Namibian on 24 February, Cran spokesperson Mufaro Nesongano refuted claims that Cran was driving the collection of biometric data from mobile telecommunication companies. The report suggested that Cran’s regulatory inefficiency was leading to data privacy breaches in the telecommunications landscape of Namibia.
Nesongano clarified that biometric data was not a mandatory requirement for SIM card registration, unless customers voluntarily chose to provide it. Cran issued directives in May 2023 to emphasize this point and conducted compliance-monitoring exercises throughout the year to ensure operators were not mandating biometric data collection.
Efforts to engage with the author of the report, Paul Rowney, were unsuccessful, as he did not provide evidence to support his claims. Cran invited the public to report any cases of mandatory biometric data collection by mobile operators.
Researcher Frederico Links supported Cran’s stance, highlighting the national concern and potential security breach posed by collecting customers’ biometric data without proper communication and assurance of data safety. Links pointed out the lack of a secure data-handling system at MTC, referencing reports of clients being affected when MTC suspended unregistered SIM cards.
MTC spokesperson John Ekongo stated that the company’s current focus was on restoring services for customers with suspended SIM cards. MTC justified its decision to continue collecting biometric data by aligning with the EU GDPR, even in the absence of data-protection legislation in Namibia.
Patience Kangueehi-Kanalelo, MTC’s legal executive, explained that the company viewed personal data, including names, surnames, identification numbers, and addresses, as essential for compliance with future data protection laws. She mentioned that the EU GDPR practices were guiding MTC’s data collection processes.
Rowney challenged MTC’s alignment with EU GDPR, criticizing the lack of opt-out options and transparency in data collection. MTC did not address questions regarding data safety nor confirmed reports of a security breach within the company.
Kangueehi-Kanalelo acknowledged a security issue arising from an internal leak of the online registration link meant for MTC employees. The link was intended for testing purposes but was circulated beyond its intended audience.
In conclusion, the debate between Cran, MTC, and researchers like Frederico Links underscores the importance of privacy and data protection in the telecommunications sector. It is crucial for regulators, companies, and consumers to work together to establish clear guidelines and safeguards for handling personal data in the digital age.
Read the original article on The Namibian
