- May 2024
Registration on the database of refugees in Kenya has placed Kenyan nationals at risk of statelessness. This article discusses how this came about and considers the importance of data security, privacy and subject rights.
Over 40,000 Kenyans are estimated to be victims of double registration, where their fingerprints appear in the database of refugees managed by UNHCR and the Kenyan government. This means that, although they are entitled to Kenyan citizenship, they cannot acquire national identity cards because they appear in the refugee database, leaving them in a form of registration limbo. They cannot enjoy the full rights entitled to either refugees or Kenyans.
The national identity card and passport are the two documents that prove citizenship. When a person applies to the Kenyan government to obtain these documents, the government checks to see if their fingerprints match prints already in the UNHCR and government refugee database. If the prints are already in the refugee database, even if the person is not actually a refugee or is entitled to Kenyan citizenship, they will be denied Kenyan identity documents. This puts victims and their children at risk of statelessness.
Reasons for double registration
There are two underlying reasons a person might end up ‘double registered,’ that is, with fingerprints in the refugee database while being entitled to registration in the Kenyan government database of nationals:
- When severely impoverished Kenyan nationals in communities near Dadaab and Kakuma camps realised that refugees were obtaining aid after registering in the UNHCR refugee database, some decided to register themselves in the refugee database in order to access aid.
- On citizenship, Kenya applies the principle of jus sanguinis, i.e. a child’s citizenship is determined by that of their parents. The Constitution of Kenya requires only one of the parents to be Kenyan for the child to be a Kenyan, so a child born to a refugee and a Kenyan is entitled to citizenship. However, the children of Kenyans married to refugees were registered on the refugee database.
The influx of refugees from Somalia, Ethiopia and Sudan between 1991 and 2007 saw the introduction of the encampment policy in Kenya, with the establishment of Dadaab and Kakuma refugee camps. In addition, the government of Kenya surrendered its refugee management role to UNHCR. UNHCR was responsible for receiving and registering refugees and carrying out refugee status determination for asylum seekers. Subsequently in 2007, when the Refugees Act of 2006 was operationalised, the Department of Refugee Affairs (DRA) took over refugee management from UNHCR and took over the refugee database in 2016.
In the 1990s Kenya was getting a huge influx of refugees from Somalia as well as grappling with periodic droughts in northern Kenya where Dadaab and Kakuma refugee camps are located. Due to the history of marginalisation in the northern parts of Kenya, the droughts and under-development hit the local Kenyan communities hard. As a result, some ethnic Somali Kenyans from the host communities registered themselves and their children as refugees to access services provided by UNHCR and partner organisations like food aid, education, healthcare and, in a few cases, an opportunity for resettlement.
The problems with double registration began with the implementation of the biometrics system by UNHCR from around 2007. UNHCR introduced biometric registration to better manage the hundreds of thousands of refugees living in the camps and address fraudulent cases that arose during food distribution. Food rations were given according to the number of people in a household. Some households were using the ration cards of absent family members to collect extra rations. Sometimes, extra food was traded for money, services, or other goods.
The biometric system made it easier for UNHCR to verify individuals’ identities, but it also led to unintended consequences. Many Kenyan nationals were registered as minors without their consent and only realised that they were in the refugee database when they applied for the Kenyan national identity card at 18, when it was subsequently denied.
Furthermore, interactions between host community members and refugees led to marriages that bore children. Kenyan women who were married to refugees lived in the refugee camps, and their children, would be registered as refugees despite being Kenyan citizens by birth.
The impact of double registration on individuals
Without a national identity card, a person’s movement is limited to within the locality of the camps. Limited freedom of movement limits their social and economic opportunities. Additionally, they cannot access government services, register a bank account, get a SIM card, register for MPESA (mobile banking) or engage in formal employment (although the law was changed in September 2023 to allow the refugee ID to be recognised for these purposes, the change has not yet been implemented in practice). One victim named Aden explained that his political ambitions were thwarted: Since he could not register as a voter, he lost an opportunity to be nominated as a Member of the County Assembly (MCA) in his home county, Garissa. Aden eventually got his national identity card in July 2023 after participating in a vetting exercise conducted by UNHCR and the Department of Refugee Services (DRS).
In March 2021, the Kenyan government issued a 14-day ultimatum demanding that UNHCR develop a plan for the closure of Dadaab and Kakuma camps, failing which, refugees would be forcibly repatriated to their countries of origin. The ultimatum caused panic among victims of double registration who feared they would be forced out of their own country. The NGO Haki na Sheria filed a petition challenging the government’s actions and obtained interim court orders halting the repatriation. The main petition is yet to be determined. However, a separate petition filed by the Kituo cha Sheria and others challenging the government’s ultimatum on camps closure was allowed on 15th March 2024.
Resolving the issue of double registration
Double registration raises pertinent questions about data security, privacy, consent and data processing. The effects of these challenges are only now being felt years after the data of most double registrants was collected. UNHCR adopted its first policy on data protection in 2015 and adopted the most recent iteration in 2022. Kenya’s Data Protection Act (DPA) was passed into law in 2019. Both the policy and the DPA now have provisions that should remedy the challenges of double registration if they are followed to the letter.
Under the DPA, victims of double registration fall under the category of data subjects. The act defines a data subject as an identified or identifiable natural person who is the subject of personal data. Section 26 of the DPA gives the provisions of the rights of a data subject. They include the right to:
- be informed of the use to which their personal data is to be put;
- access their personal data in custody of data controller or data processor;
- object to the processing of all or part of their personal data;
- correction of false or misleading data; and
- deletion of false or misleading data about them.
If this option had been provided earlier, victims of double registration who had their biometrics taken when they were minors would have had the opportunity to correct the error before the data was transferred from UNHCR to the Kenyan government.
The DPA also contains provisions on data security and data privacy. In Kenya, the right to privacy is guaranteed in the Constitution of Kenya, 2010. The DPA gives effect to this right by providing regulations on the processing of personal data, establishing the rights of data subjects, and setting forth the obligations of those who control and process data. Most importantly, the act provides for the Office of the Data Protection Commissioner whose main mandate is overseeing the enforcement of the act.
The Kenyan government is well aware of the double registration problem and has been conducting vetting exercises to remedy the situation; the most recent one took place in August 2023. The government embarked on a vetting exercise to de-register Kenyans who are in the refugee database. The exercise takes a long time because the security and intelligence personnel in the Kenyan government have to be engaged to avoid cases of fraud.
In 2023, the Kenyan government embarked on the formulation of a socio-economic inclusion plan for refugees and host communities dubbed Shirika plan in line with the provisions of the Refugees Act, 2021. The plan aims to:
- ease the pressure on refugee-hosting communities in Garissa, Turkana and urban areas by mobilising additional financial, technical and material support in the spirit of responsibility sharing;
- facilitate the transition from refugee camps to integrated human settlements and robust economic hubs;
- enhance refugee and host community socio-economic inclusion for enhanced self-reliance and resilience; and
- facilitate the transition of refugee basic service delivery from a humanitarian-led approach to government systems.
The Shirika plan envisions six key components with the first one focusing on systems building and enabling policy frameworks. Although the issue of double registration is not explicitly stated in the plan, it falls under this component, which primarily deals with the rule of law and justice.
Conclusion: raising awareness of data security and the risks of double registration
According to Haki na Sheria’s 2021 report, it is estimated that there are over 40,000 victims of double registration. The Refugees Act of 2021 attempts to address this issue by criminalising double registration in Section 41(3).
“A person commits an offence if that person:
Being a Kenyan citizen, knowingly applies or obtains recognition, admission, or registration as an asylum seeker or refugee in Kenya; Being a refugee, knowingly applies for a Kenyan identity card or passport….”
The law states that anyone convicted of the charges above will pay a fine of up to Kshs 500,000 or 3 years imprisonment or both. Although there have not been any reports of refugees or Kenyans charged under this section, the law takes a very drastic approach. Given the humanitarian circumstances that drove most victims to register as refugees due to drought and under-development in their counties, the law may be further marginalising an already marginalised group of people.
In conclusion, the digital revolution has undoubtedly revolutionised refugee management and the storage of personal data while presenting opportunities as well as challenges. This article has shed light on the complexities surrounding double registration from a legal standpoint. It is evident that while digital technology has improved refugee management, it has also posed risks to privacy, data security and statelessness. Moving forward, enhancing public awareness and education regarding the implications of double registration and the vulnerabilities of personal data in digital databases is crucial. Both refugees and host community members ought to be empowered about the potential risks involved to foster a more informed society.
Wangui Gitahi
Senior Protection Officer, Amnesty International Kenya
wangui.gitahi@amnesty.or.ke linkedin.com/in/wangui-gitahi-817a19152