The Communications Authority of Kenya has moved to put to rest fears over the collection of sensitive personal data in the country’s new SIM card registration process. Concerns had emerged that DNA, fingerprints, or retinal scans could be required for mobile line registration, prompting questions about privacy and the safety of users’ information.
In a statement issued Tuesday, the Authority insisted that no instructions have been given to mobile network operators to collect such data. It explained that the regulations published in May 2025 are intended to curb fraud, identity theft, and scams, while reinforcing trust in Kenya’s digital platforms.
“These concerns are unfounded. For the avoidance of doubt, the Authority has not issued any directives for the collection of biometric data by our licensees,” the Authority said.
The regulator said the new rules were introduced to prevent SIM card fraud, safeguard the integrity of telecommunications, and support secure access to digital services such as mobile payments, government services, and online commerce.
It clarified that while biometric data is defined in the regulations as information derived from physical, physiological, or behavioural characteristics—including blood typing, DNA analysis, fingerprints, earlobe patterns, retinal scans, and voice recognition—this does not mean such data will be collected from subscribers during registration.
The Authority reiterated that telecommunications companies must continue to manage user information according to the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019. Sharing subscriber data without consent or a lawful order is prohibited.
“CA and the ODPC will provide strict oversight, including regular audits and issue strong penalties for abuse or misuse of customer data,” the Authority said.
Regarding potential suspension of services, the regulator said operators can only deactivate SIM cards after giving prior notice, and only when users provide false information or fail to meet registration requirements repeatedly.
“Operators are required to institute clear, fair and transparent procedures for all dealings with consumers,” the CA added.
The Authority acknowledged ongoing frustrations with spam messages, unauthorized subscriptions, misuse of phone numbers, and premium services. It said the improved SIM registration process is part of a wider effort to enhance protection for mobile users across networks.
The regulator also highlighted support for innovations such as number masking on mobile money platforms, describing these features as key to maintaining digital trust and protecting consumers.
“The Authority is fully committed to Kenya’s digital transformation; we will continue to work tirelessly to ensure digital inclusion and safety, uphold consumer rights and provide responsive and transparent regulation for Kenya’s ICT sector,” the CA said.
