South African networks may have to collect fingerprints, faces — and POPIA won’t stop it

The Independent Communications Authority of South Africa (Icasa) said it had received substantial feedback on its proposal to make mobile networks verify the identity of customers using biometrics.

Icasa published the draft regulations for public comment in March 2022, and now that it has received feedback, it will decide on the next steps.

“It is now being considered, and we will then decide what the next step of consultation should be,” City Press quoted Icasa spokesperson Paseka Maleka as saying.

Icasa’s proposed rules aim to combat rising SIM-swap fraud, where criminals take over mobile numbers through either number porting or fraudulent SIM swaps.

Mobile network operators have been weighing the ramifications of the proposal, and Cell C’s chief legal officer Zahir Williams previously told MyBroadband that the members of Comric would meet to discuss the proposal.

“The collection of subscriber biometric data is an important telco industry matter that will be considered at an industry forum provided by the Communications Risk Information Centre (Comric),” Williams said.

“Cell C, Vodacom, MTN, Telkom and Liquid Intelligent Technologies are members of Comric and will be meeting in the coming weeks to discuss factors that must be taken into account when collecting biometric information,” he added.

MTN told MyBroadband that the outcome of Comric’s assessments would guide it.

Vodacom said it was encouraged by the improved customer protection measures suggested in Icasa’s draft regulations.

However, while the proposal will add another layer of protection for mobile network customers, there are concerns over the safety of the biometrics and how easy it would be to fool recognition systems with false or stolen data.

There is also concern that the new requirement will make it too cumbersome for subscribers to migrate between networks.

Ahmore Burger-Smidt
Ahmore Burger-Smidt, Werksmans Attorney director and head of data privacy practice

One criticism levelled at Icasa was that the draft regulations could violate the Protection of Personal Information Act (POPIA).

However, Ahmore Burger-Smidt of Werksman Attorneys said the criticism is unfounded.

She explained that those who believe it is in contravention of POPIA’s regulations relating to the processing and availability of personal information have the incorrect interpretation.

“POPI does not place an absolute ban on the processing and use of personal information. It prescribes measures for how and when you can use it,” Burger-Smidt said.

Burger-Smidt said that regulations surrounding biometric data and SIM cards should be mandated by the Regulation of Interception of Communications and Provision of Communication-related Information Act (Rica).

Rica stipulates that cellular users must prove their identity and residence before they can be issued a SIM card.

Now read: Huge MTN data growth

Latest news

Partner Content

Show comments


Share this article
South African networks may have to collect fingerprints, faces — and POPIA won’t stop it