Mrs. Drudeisha Madhub
Data Protection Commissioner
LALIT writes to report to you continued data abuse by the State of Mauritius within its ID card system.
Since its introduction in July 2013, we, together with several other trade union confederations and social organisations, have opposed the law that makes it compulsory for each and every citizen to have biometric data being taken from them for retention, storage and use by the State of Mauritius and others. We have done our duty towards data protection by a number of actions, which we have appended for your interest in Appendix I.
On 23rd July, 2014 dozens of us went to the National Identity Card Centre to request a National Identity Card without consenting to be fingerprinted or to have any biometric photograph taken. The “officials” present refused to process our applications. We each of us individually submitted a letter (see copy of letter enclosed as Appendix II) to explain our objection to submitting to biometric data being taken from us for use by the State.
Before it came to this, and as a result of our concern for the personal data of citizens being captured and stored, I, as a member of LALIT had formally taken responsibility to, in fact, contact your office. I personally rang on number 201-1620 and talked to Mr. P. Dookee, your Senior Data Protection Officer, about this matter on Tuesday 8 April, 2014 at 14:10 hours. He made it clear at the time that there was nothing that the Data Protection Office could do. He said it was “Government policy”, and a “Memorandum of Understanding” had been signed with a private company, and that all issues “had been cleared”. He said there was no question of data being illegally exposed.
However, subsequently, as you know, two Supreme Court judgements of 29th May this year have ruled, to the contrary, that “provisions in the National Identity Card Act and the Data Protection Act for the storage and retention of fingerprints and other personal biometric data collected for the purpose of the biometric card of a citizen of Mauritius” are, in fact, unconstitutional.
In addition, the Supreme Court in Jugnauth Pravind Kumar (Hon) v. the State of Mauritius and Anor 2015 SCJ 178 actually granted a writ of injunction “prohibiting the defendants [the State of Mauritius, the Prime Minister, the ICT Minister, the Attorney General and the Civil Status Registrar] from storing, or causing to be stored, as the case may be, any fingerprints or biometric information data [sic] obtained on the basis of the provisions in the National Identity Card Act and the Data Protection Act.”
The Cabinet of Ministers of 5 June 2015, taking note of the Supreme Court judgements announced the following decisions: “The ID Card system is being reviewed to remove the biometric data, including photograph, fingerprint image and fingerprint minutiae. New processes are being worked out for first time registration and when applying for replacement ID cards.”
Yet nearly three months after the two Supreme Court judgements:
We add that it is clearly unacceptable that, to get a new ID card as one turns 18 or in order to replace an old card that has been lost, people are being required to sign a “Consent Form” to “agree” that biometric data be taken from them for temporary storage in an ID card database that has been declared unconstitutional. A Court Injunction cannot simply be flouted by means of a scrap of paper giving supposed “consent”.
As you know, your functions under the Data Protection Act include that you “exercise control on all data processing activities, either of its [sic] own motion or at the request of a data subject, and verify whether the processing of data is in accordance of this Act or regulations made under the Act” and that furthermore, you “investigate any complaint or information which give rise to a suspicion that an offence, under this Act may have been, is being or is about to be committed”.
Given the two Supreme Court Judgements shedding new light on abuse of data through the ID card system, we formally call on you to take action so as to ensure that:
In conclusion, we would like to inform you that we have done our utmost, before resorting to reporting the offenders to you, to call on them to respect their political program and the Supreme Court Judgments, as well as the Injunction. We have done the following:
1. Petitioned the new Government on 30 December, 2014 (Signed by organizations: Confederation of Independent Trade unions, Muvman Liberasyon Fam, Centre Idriss Goomany, Confederation Travailleurs Secteur Prive, Labaz intersindikal, Playgroups, ACIM, LALIT). Petition addressed to both Prime Minister and Minister of Technology, Communication and Innovation.
2. Written an Open Letter to those now in Government who opposed the biometric ID Card system (i.e. Hons. Collendavelloo, Pravind Jugnauth, Roshi Bhadain, S. Teeluckdharry) on 12 February, 2015.
3. Following the Supreme Court judgements, written a letter to the Prime Minister on 12 July, 2015 (Signed by organizations: Confederation of Independent Trade unions, Muvman Liberasyon Fam, Centre Idriss Goomany, Confederation Travailleurs Secteur Prive, Labaz Intersindikal, Playgroups, ACIM, LALIT, JUSTICE, ABAIM and the Federation des Travailleurs Unis).
4. A letter to Minister of Technology, Communication and Innovation (Pravind Jugnauth) on 12 July, 2015, sent again to his replacement, Minister Bhadain, on 4 August, 2015.
To no avail. The Injunction continues to be infringed. The Supreme Court Judgment continues to be flouted. Personal data continues to be exposed to danger, without any protection from your Office.
We call on you to remedy the continued exposure of peoples’ personal data to all the dangers listed by the Supreme Court.
18 August, 2015