Дата публикации
Teaching professor at the Higher School of Law of Maqsut Narikbayev University and EDF Academic Advisor Dana Utegen conducted research into the use of biometrics and digital identification, as well as the risks that arise with it.
The report focuses on countries in Central Asia, including Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan, and is part of a cross-regional study aimed at identifying and comparing the threat status, use and impact of biometrics and digital identity in Africa, the Balkans, Central Asia, Latin America and the Caribbean basin, as well as in South and Southeast Asia.
To ensure an effective implementation of biometric and digital identity programs in Central Asian countries it is recommended for:
The report focuses on countries in Central Asia, including Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan, and is part of a cross-regional study aimed at identifying and comparing the threat status, use and impact of biometrics and digital identity in Africa, the Balkans, Central Asia, Latin America and the Caribbean basin, as well as in South and Southeast Asia.
The Central Asian countries featured in this report have implemented biometric and digital identification programs to varying degrees. Kyrgyzstan is the only country in the region with a separate law on biometric registration, linking it to the electoral process.
Since 2014, the government of Kyrgyzstan has required mandatory biometric data collection from citizens, including facial images, fingerprint patterns, and handwritten signatures, with the aim of preventing crimes and simplifying public services and identification. However, concerns have been raised by civil society activists about the constitutionality and privacy implications of the law, which were dismissed by the government.
Other Central Asian countries regulate biometric data through laws on personal data and have introduced biometric data collection for such purposes as internal biometric passports and national ID cards. In Uzbekistan, biometric data is regulated by a 2019 law that requires written consent from individuals for processing, with exceptions for criminal investigations and national security matters. Biometric identification in Uzbekistan is widely used in various sectors for authentication and service efficiency. Tajikistan regulates biometric data through a 2018 law on personal data with similar consent requirements and usage in such sectors as finance, state services, and healthcare.
Kazakhstan has a law on personal data protection and has launched state initiatives aimed at using biometric data to simplify identification procedures, enhance security, and improve access to public services. The government of Kazakhstan has set January 2024 as a start date for biometric data collection and plans to launch a digital biometric identification platform by that time.
However, biometric registration and digital identity measures in Central Asian countries have faced challenges in terms of effectiveness, data security, and privacy concerns.
Kyrgyzstan has not seen a significant decrease in crime rates or improved transparency in elections despite the implementation of biometric data collection. Uzbekistan and Kazakhstan have faced issues with data leaks while Tajikistan struggles with fake identification documents and lack of digital identification systems. Addressing these challenges is crucial for ensuring the protection of personal data, enhancing security, and improving the delivery of public and private services in the Central Asian region.
Key Findings
Other Central Asian countries regulate biometric data through laws on personal data and have introduced biometric data collection for such purposes as internal biometric passports and national ID cards. In Uzbekistan, biometric data is regulated by a 2019 law that requires written consent from individuals for processing, with exceptions for criminal investigations and national security matters. Biometric identification in Uzbekistan is widely used in various sectors for authentication and service efficiency. Tajikistan regulates biometric data through a 2018 law on personal data with similar consent requirements and usage in such sectors as finance, state services, and healthcare.
Kazakhstan has a law on personal data protection and has launched state initiatives aimed at using biometric data to simplify identification procedures, enhance security, and improve access to public services. The government of Kazakhstan has set January 2024 as a start date for biometric data collection and plans to launch a digital biometric identification platform by that time.
However, biometric registration and digital identity measures in Central Asian countries have faced challenges in terms of effectiveness, data security, and privacy concerns.
Kyrgyzstan has not seen a significant decrease in crime rates or improved transparency in elections despite the implementation of biometric data collection. Uzbekistan and Kazakhstan have faced issues with data leaks while Tajikistan struggles with fake identification documents and lack of digital identification systems. Addressing these challenges is crucial for ensuring the protection of personal data, enhancing security, and improving the delivery of public and private services in the Central Asian region.
Key Findings
Biometric registration of citizens has not significantly improved the transparency and fairness of the electoral process in Kyrgyzstan as other methods of vote manipulation such as vote-buying have been employed to influence election outcomes.
Not all citizens in Kyrgyzstan have undergone biometric registration leading to concerns about the inclusivity of the voters’ list, and the impact of preventing citizens from exercising their voting rights.
The initial collection of biometric data in Kyrgyzstan was reportedly accompanied by pressure on civil servants and pensioners to undergo biometric registration while the launch of the data collection was delayed multiple times due to technical issues.
Biometric data in Kyrgyzstan was not properly protected during and after the collection stage, leading to cases of stolen computers and lost USB flash drives containing biometric data.
Similar privacy concerns and data leaks have been reported in other Central Asian countries. In Uzbekistan, there have been cases of personal data theft and misuse, including the fraudulent scheme for obtaining US Green Cards using stolen information from official databases.
In Kazakhstan, incidents of personal data leaks from the Central Election Commission's database and a shared medical information database have demonstrated risks to citizens’ rights and data security.
Fake passports in Tajikistan have been linked to high-profile cases involving individuals who have joined terrorist organizations such as ISIS and committed terrorist attacks, highlighting the potential security risks associated with the use of fake biometric data.
The lack of digital identification systems in Tajikistan complicates the delivery of public and private services, including financial services, as most transfers are still done in cash form, and there is a need for more digital financial services in the country.
Key Recommendations
To ensure an effective implementation of biometric and digital identity programs in Central Asian countries it is recommended for:
Governments
Civil Society
International Organizations
- To strengthen data protection measures, including encryption, access controls, software updates, and regular audits.
- To review and update biometric registration laws to address gaps, clarify legal frameworks, and ensure compliance with international standards.
- To enhance cybersecurity measures to prevent data breaches and unauthorized access to personal data.
- To strengthen enforcement mechanisms, including increasing penalties for non-compliance and conducting regular audits.
- To increase accessibility of biometric national ID cards, particularly for vulnerable populations.
- To enhance interoperability of biometric ID cards for regional travel and cooperation.
- To establish a comprehensive and up-to-date list of biometric data for clarity and consistency in regulation.
- To enhance transparency and accountability in biometric data collection, storage, use, and transfer through informed consent, oversight, and audits.
Civil Society
- To monitor implementation, conduct assessments, and collaborate with all relevant stakeholders to address emerging challenges.
- To engage in dialogues ensuring that civil society’s perspectives are considered and advocate for inclusivity.
International Organizations
- To provide technical assistance, share best practices, and facilitate knowledge sharing on compliance with human rights standards.
- To monitor and assess human rights implications, advocate for privacy and freedom of expression.
- To collaborate with all relevant stakeholders ensuring a coordinated approach and share information, resources, and best practices.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).
