South Africa considers mandatory re-registration of five-year olds’ biometric data to tackle ID fraud

A proposed change to legislation in South Africa would require the re-registration of children’s biometric data with the government when they turn five.

The Draft Official Identity Management Policy published last week by the Department of Home Affairs (DHA) suggests every South African child would be required to reregister their identities as well as their biometric data at age five to prevent non-ID holders successfully gaining a digital ID using a child’s data.

Under the plan, even if a child’s biometric data is registered shortly after birth, the data must be recaptured during reregistration.

The plan is part of a coordinated shakeup of the South African identity scheme to combat identity theft. The policy paper states, “It is currently possible for anyone who has not applied for an ID to successfully claim and use the identity of another who has also not applied for an ID. This is possible because children’s biometrics were not captured.”

“Especially in borderline communities,” it adds, “where birth certificates of deceased children are sold to foreign nationals.”

Under the principles outlined in the draft policy, it would also be mandatory to collect the biometrics of a child at birth if “technology and medical conventions allow”. If impossible, the mother is required to provide her own biometric data for the child’s birth certificate, the draft adds.

The government states that reregistration of biometric data is needed at age five as “not all biometric traits captured from children shortly after birth can be used to verify their identities later in life,” the draft policy states. When reregistered, photographs of the child’s face and iris will be taken as well as all ten fingerprints. Photographs of the child’s ear may also be required.

Additionally, if the law passed, identity numbers ascribed to a child will be processed along with their biographic data and linked to their parents’ identity numbers and mother’s biometric data.

The draft also recommends the legal age for applications for a full digital ID be reduced from 16 to 10 years old.

In 1982, the DHA established the National Population Register (NPR) to enable it to store biometric data and other data specified in the Identification Act 1997. The NPR will be replaced with NIS, which will house the information collected on those within the region, and “will be the backbone of identity management and cut across the social, political and economic spheres,” according to the draft. It adds, “the DHA is building an NIS that is inclusive, digital, secure, accurate, confidential and responsive.”

The South African government considers its digital identity management scheme as essential in overcoming the “historical legacy” of the apartheid systems that divided South Africans into separate geographic and “identity enclaves”.

It adds: “Some of the daunting challenges the DHA faces are rooted in South Africa’s history of a system that differentiated South Africans based on race and geographic origin and enshrined them in the separation of the former Republic of South Africa from the homelands and self-governing territories.”

“Identity management, under the DHA’s legal mandate as the sole provider of official identity and civic status verification in South Africa, is an important and pressing issue given the technological advances unfolding globally, especially the growth of the digital economy,” the draft states.



The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.