Mandatory SIM registration: policy and regulatory perspectives in the absence of data protection laws

The mobile sector is creating a major socio-political and economic impact across the globe. In the past ten or so years, GSMA has produced a significant body of knowledge and learnings around the applications of mobile for development (M4D). Indeed, the mobile industry has changed the manner in which public services are delivered as well as the approaches to business and social life. Yet, certain legal policies may – perhaps inadvertently – prevent some vulnerable people from being able to access mobile services. For example, GSMA identified at least 147 governments across the world requiring prospective mobile users to show proof-of-identity before a Mobile Network Operator (MNO) could activate a prepaid mobile SIM. GSMA observes that at very least 95% of SIMs in Africa alone are prepay structured. These decrees which mandate subscribers to register their identities to activate a mobile SIM, are fast becoming a common place. While the more prevalent reason advanced for the adoption of these policies is security, there seems to be little stakeholder debate in some countries attempting to get to an understanding of a broader ‘all-round’ diversity of impacts associated with the regulatory move.

Though wide spread benefits of SIM registration exist, an often disturbing concern is one bordering on the possible breach on a subscriber’s privacy and associated impact. It is worse when personal data and privacy is not protected in law. The question that follows then is “if a subscriber’s privacy is invaded without valid consent, does s/he have a recourse to defend the threatened privacy?”

In a soon to be published update to the earlier research, at least 50% per cent of the countries worldwide that have mandated the prepaid SIM card registration, do not and/or have not provided a legal framework for consumer privacy or data protection. In fact, over half of the number reside in the developing countries. Thus, in the absence of a clear and concise data protection and/or privacy laws, there are likely to be more consumer calls for increased transparency on how personal data are used. This is cognisant of the fact that transparency to consumers about how their personal data is used is important for maintaining high levels of trust in digital and mobile ecosystems, thus maintaining trust helps encourage adoption of mobile services which are linked to a person’s identity.

Could it then be a more prudent regulatory transformation by governments to consider having a robust data protection framework preceding any efforts towards mandatory SIM registration? On this particular front, there appears to be a headroom for the development sector and the MNOs to collaborate with governments and intergovernmental entities to offer guidance in the space of compulsory SIM registration. This could allay many societal fears and may enable subscribers understand the importance attached to their personal data. These conversations could be shaped to simplify the regulatory environment for the mobile network operators (MNOs) while highlighting the benefits of data privacy. The conversations could also highlight the role identification and mobile access in a country’s digital transformation journey. These efforts can help build an enabling policy environment that engenders trust and nurtures an ecosystem of mobile-enabled digital identity services.