The constitutional complaint filed in the Supreme Court on November 21 by Rama Valayden and Ivor Tan Yan will be examined by the judge on February 15. The Information and Communication Technology (SIM Registration) Regulations 2023 require all SIM card holders to re-register their cards. This operation must be carried out by April 30 this year, otherwise unregistered SIM cards will be deactivated.
However, the vast majority of SIM card holders have not yet done what is necessary. The two lawyers contest the exercise arguing that it is a violation of the Constitution for several reasons.
“It is crucial to have the government’s version. The response that the State will provide, on February 15, will cover the various points that we have raised, which will allow us to see things more clearly,” says Ivor Tan Yan.
As for SIM card holders, there is no hurry, despite regular reminders from mobile telephone operators, including Emtel, Mauritius Telecom and Mahanagar Telephone Mauritius Ltd (MTML). Although the mandatory SIM card re-registration process began on October 31, 2023, only 350,000 SIM cards have been re-registered according to the latest figures.
Jérôme Louis, officer in charge of the Information & Communication Technologies Authority (ICTA), confirms this information. “So far, 350,000 SIM cards have been re-registered. We advise the public to take the necessary measures before the deadline, otherwise they will be deactivated,” he warns. Three weeks ago, the number was 300,000, and progress appears relatively slow.
According to Statistics Mauritius, as of December 31, 2022, the country had 2,096,800 active SIM cards in circulation. This represents only about 16.7% of SIM cards that have been re-registered. Faced with low public participation, telephone operators will be called upon to step up pressure on their subscribers, as will the Information and Communication Technologies Authority (ICTA).
At the level of the authorities, the possibility of postponing the deadline and pushing it back slightly is already being considered to give people time to take the necessary measures. However, the Prime Minister's Office says that we are not there yet.
In addition to personal data, the mobile operator must take a color photo of the SIM card holder, through a selfie taken by the user, and verify it with other information provided electronically from a database already existing. For several years, SIM card holders have already had to register them, but by providing very basic information. The new information, which is more detailed and therefore includes a photo of the person, will be kept indefinitely by the operators, who may share it with other entities under strict conditions and in very specific circumstances.
This is precisely what Rama Valayden and Ivor Tan Yan are contesting. In their view, the creation of a database by the State would be illegal, because it would facilitate the interception of messages and emails sent by mobile phone. They also fear that there are not enough safeguards against the dangers of hacking and identity theft, among others.
For them, the right to privacy is violated, which would constitute “an obstruction of the Constitution”.
The collection and indefinite retention of personal data violates Articles 1, 2, 3, 9 and 12 of the Constitution, as well as Articles 18 and 22 of the Civil Code, according to Rama Valayden and Ivor Tan Yan. According to them, the obligation to provide a selfie would violate articles 1, 3, 9 and 12 of the Constitution, as well as articles 18 and 22 of the Civil Code.
On October 24, in Parliament, the Prime Minister, Pravind Jugnauth, explained that the objective was to apply a recommendation made by the commission of inquiry into drugs in its July 2018 report. This measure aims to “ensure the traceability, reduce the risks of malicious practices and strengthen the security of the telecommunications sector,” he was to tell the House. Both on the side of the ICTA and the operators, it is specified that the data is encrypted and protected in accordance with the rules established by the Data Protection Act and the General Data Protection Regulation of the European Union.