Can South Africa become a digitally evolved economy? In short, the answer is yes. But the question remains whether we will embrace open data-flow policies that make digital business activities more accessible and reassure citizens of robust privacy protections and digital security. The proper foundation needs to be in place for a digital ecosystem to thrive.
The shift to widespread digitalisation has been expedited by the Covid-related chaos and economic decline globally. Companies are fast adopting new strategies and processes to keep up with the hybrid world — in the South African context digitalisation doesn’t happen in a vacuum; the government plays a critical role in scaffolding the adoption and success of digital economies.
The Ramaphosa presidency has paid a lot of lip service to the Fourth Industrial Revolution (4IR), but does it end there? Where are we, digitally speaking?
A handy metric is the Digital Evolution Index, which measured the trust in the digital economy and its evolution across 90 economies as they grappled with the pandemic. Currently, South Africa sits at the 54th spot and is under the index’s “Watch Out” category (the others are “Stand Out”, “Stall Out” and “Break Out”).
How does the country move out of that ominous section and into the realistically obtainable and more favourable “Break Out” one? For the most part, the answer lies in investing in infrastructure to give our whole population access to digital education and improve digital innovation incentives to drive consumer products and services. This, of course, can only be put in motion if the government plays its part in driving digital adoption and cheerleading transformation. Credit must be given where it is due; they are trying, but is it enough?
South Africa is consistent in publishing reports and policies aimed at propelling us into the digital age. The latest instalment is the Draft ID Management Bill, which seeks to introduce a new ID system to act as a single source of information on all citizens. This would undoubtedly help the Department of Home Affairs (DHA) catch up to more established economies.
The ins and outs of ID management in South Africa
As it stands, the DHA is the sole authority on issuing and regulating official South African identity and citizenship (this ranges from identity documents and birth certificates to marriage certificates and passports). According to the Constitution, no citizen must be deprived of citizenship. Every child has a right to a name and nationality from birth. The concepts of identity and citizenship are also essential for enabling the empowerment and economic development of the people of the nation.
The push towards modernising the National Information System
In a nutshell, the identity management policy sets out the vision, goals and objectives of the DHA regarding the creation of a modern and secure National Information System (NIS). This is long overdue, as the DHA’s current National Population Register is not only outdated (it was established in 1982), it’s by no means inclusive. The register was used to determine a person’s identity, linked to biometric data and personal information, but limited to citizens and permanent residents. The new system will include citizens and non-citizens within the territorial jurisdiction of the Republic. At present, the DHA operates without an approved identity management framework that can address how the DHA would regulate personal information under the protection of the Personal Information Act 4 of 2013. The NIS is set to interface with other government identity management systems and generate critical data needed by e-government and e-commerce.
The 10 principles of the modernised identity management system in South Africa
- Every individual has universal coverage from birth until death
This includes providing legal identification to all residents, including immigrants, via a system free from unfair discrimination. To mitigate this risk, vulnerable groups must be identified. The Identification Act and Births and Deaths Registration Act does not provide birth certificates to children whose parents are not citizens or under permanent residence. Furthermore, the status of a child who is born intersex is not covered at birth registration. The draft makes great strides in recognising marginal groups and bringing gender and self-identification into a new era. All deaths will be registered to avoid theft of the deceased’s birth certificate.
- All barriers to accessing an ID and increased access to information and technology will be removed
This is primarily focused on making ID service affordable and accessible for those in remote areas. Currently, individuals who cannot afford identity documents are excluded from the identity management system.
- All ID systems must be robust, secure, unique and accurate
To mitigate any risk of information being stolen, tampered with or misused, the classic green ID books must be phased out. The DHA must embrace automation to enhance and modernise its operations. Registration must be verified by the rigorous checking of the accuracy and authenticity of any supporting documents.
- The system is interoperable and responds to different users
Essentially, this means that identification and verification services must be flexible and scalable to meet end-users’ needs. Interoperability involves different functional units communicating, and exchanging data through systems, databases and applications. To achieve this, the official data management system must be developed. All databases must be integrated and allow governments to verify the information. Interoperability also applies to cross-border operations. It seeks to facilitate mutual recognition of physical and digital IDs issued by another country to increase trade and enable safe and orderly migration.
- Embracing open standards and ensuring vendor and technology neutrality
The primary goal here is to make sure the system’s design is fit for purpose and able to meet policy and development objectives. Robust procurement guidelines will help ensure healthy competitions and innovation. Additionally, facial biometrics, virtual identity and use of digital travel credentials, including the use of advanced electronic signatures, will result in improved functionality of identification systems.
- Protecting user-privacy and control through its system design
The onus of protecting personal data should not be on the individual. This means that implementing top-notch privacy-enhancing technologies and security systems is crucial.
- Financial and operational sustainability without compromising accessibility
There is a need to develop different business models that cater to reasonable and appropriate service fees for verification of identity. Currently, the DHA does not have a defined funding model to sustain its ID management system through revenue generation. Some of the recommended revenue generations include low-cost fees, market-related fees for the private sector, pricing discount for frequent users and pricing based on the type of data requested for authentication and verification services performed online.
- A comprehensive legal framework
Promoting trust in a system is always vital. That can be achieved by prioritising the safeguarding of data privacy, upping securing and, ultimately, reassuring users. The regulations must be crystal clear about the purpose of an identification system, it’s roles and responsibilities of various stakeholders, how data is going to be collected and stored, and liability and recourse for ID holders. To succeed, the government must own critical information infrastructure by creating and maintaining technology sovereignty when designing the NIS.
- A clear institutional mandate and accountability process in regulating the ID system
The terms and conditions that apply to institutional relations among parties must be clear to all involved, including accountability and transparency processes around the roles and responsibilities of identification system providers. South Africa does not provide any legislation to affirm that the sole provider for official identity services is the DHA; thus, the DHA cannot challenge these entities.
- Providing adjudication services to enforce legal and regulatory frameworks
To help ensure stakeholders use identification systems appropriately, they must be monitored independently. Currently, this is not the case, and it certainly doesn’t help that the Protection of Personal Information Act (POPI) isn’t operational yet. However, the Information Regulator of South Africa could be declared an independent oversight authority, ensuring compliance with our privacy and data laws. Another important aspect is establishing an independent body that is legally empowered to oversee official identity processing and hold parties accountable.
What about POPI’s impact?
This specific piece of legislation regulates how public and private entities process personal information that gives effect to the right to privacy, subject to certain limitations aimed at protecting other rights. The POPI Act seeks to protect personal information and prohibit unlawful collection, dissemination, and use of personal information. In this specific context, any data handled by an organ of the state that qualifies as personal data will need to comply with the POPI regulations.
For instance, it means that one department cannot dump its data onto another, which would curtail some benefits of information-sharing, like better government service delivery, improved risk management, and duplicated work. However, this kind of inter-institutional sharing could lead to an infringement of the right to privacy and data protection. The act’s stance is clear: personal information can only be processed with the persons in question’s consent.
Funding and implementing the identity management policy
This is a roadblock in our journey to digital empowerment. The DHA’s current budget of R8-billion is simply not enough, resulting in many people not accessing their right to citizenship and an influx of illegal immigrants. A well-funded DHA, with modern systems and empowered professional staff members is a crucial enabler to achieving economic development and unlocking new revenue and investment streams.
And when it comes to the roll-out, there are three ‘horizons’ planned:
- The first horizon focuses on developing a legal and policy framework for the NIS and population register;
- The second horizon places emphasis on creating the population register, which must be fully operational and includes everyone who lives within the Republic. Furthermore, integration of DHA systems must be completed, a single database for government and e-government must be functional, and NIS must interface with private sector systems and neighbouring countries; and
- The third horizon is fully realised when the legacy model replaces the old version and maintains world-class standards accompanied by adequate funding.
Navigating the pandemic with a Covid-19 passport and electronic vaccination data system
As the vaccination initiative gets going in South Africa, the government is developing an electronic data system to track and monitor the progress. This will not only assist with the roll-out of Covid-19 vaccines, but it will also aid with managing and monitoring the vaccination programme. In addition to patient and safety information, the system will be designed to send notifications to people due for a second jab; track and trace defaulters; and capture reasons of those who refuse to be vaccinated. South Africa’s Department of Health states that all those who will be vaccinated will be placed on the national register and be provided with the vaccination card.
Over these next few crucial months, a form of ID and proof of vaccination will be necessary, particularly for international travellers: Denmark is developing a digital vaccine passport so that its citizens can prove that they’ve been vaccinated; Spain is compiling a database for anyone who refuses vaccination, which they will share with the European Union; and Greece is calling for a vaccination certificate that will be approved across all member states. Estonian and United Nations health agencies are currently creating an e-vaccination system that issues certificates known as the smart yellow card. On the business side of things, many entities, such as Oracle and Microsoft, are developing systems that allow individuals who have been vaccinated to access vaccination records in a secure and privacy-preserving way.
Can South Africa become a digitally evolved economy?
In short, the answer is yes. But the question remains whether our country will embrace open data-flow policies that make digital business activities more accessible and promote data generation by reassuring citizens of robust privacy protections and digital security. As always, the proper foundation needs to be in place for a digital ecosystem to thrive.
Perhaps when people are empowered by the constitutional concepts of identity and citizenship, which will be streamlined with digital IDs, they will also become proponents of a digitally evolved country. This sets South Africa on a new trajectory with the likes of Estonia — a country well known for its digital governance. It paves the way for tremendous opportunity.
Will we finally “Break Out”? DM
Information pertaining to Covid-19, vaccines, how to control the spread of the virus and potential treatments is ever-changing. Under the South African Disaster Management Act Regulation 11(5)(c) it is prohibited to publish information through any medium with the intention to deceive people on government measures to address Covid-19. We are therefore disabling the comment section on this article in order to protect both the commenting member and ourselves from potential liability. Should you have additional information that you think we should know, please email [email protected].