The safety of the biometric and other data that will be collected in the new SIM-Card Registration Exercise has become a major concern, as IMANI Africa is demanding clarity from the government.
The country is preparing for a new SIM registration exercise next year after a number of failed attempts in previous years. Ahead of the exercise, IMANI is asking, What kind of system will hold and manage citizens’ personal data this time?
According to IMANI, there are two options available to the government, each coming with its own pros and concerns.
The choice between two very different digital identity models will determine whether Ghanaians enjoy strong privacy protections or face increased risks of surveillance and data misuse.
In a brief on the subject, IMANI indicated two contrasting architectures: the “Verify and Forget” privacy-preserving model and the “Verify, Link and Store” centralised model.
Each comes with serious implications for personal freedom, data protection, and public trust, and hence the call on the government for clarity.
The “Verify and Forget” Privacy Model – Designed to Protect You
IMANI explains that under this model, the National Identification Authority (NIA) checks your biometric details internally and simply tells your network provider “Yes, this person is verified” or “No, they’re not.”
With this model, no fingerprints, facial data, or personal files are being passed around.
Only a simple token and basic SIM information are stored, nothing that directly identifies you. Identity data and telecom data stay separate and can only be connected under strict court-approved conditions.
“In this federated trust model:
• The National Identification Authority verifies biometrics internally
• Only a binary flag, YES or NO, and a pseudonymous token are returned to the telco
• No biometric data ever leave the custody of the NIA
• SIM and device registers store only minimal data such as a token, SIM, IMEI and a verification flag
• Identity data and telecom usage data remain in separate layers, bridged only through a controlled Lawful Join Service requiring prior judicial authorisation,” IMANI explained.
This system, the think tank says, adheres to the country’s Constitution and Data Protection laws, and aligns with international best practices like GDPR.
Its biggest strength is that it avoids creating a database that could be abused during political tension or security overreach. In simple terms, it keeps your private life private.
The “Verify, Link and Store” Model — Convenient but Dangerous
IMANI notes this second model takes a different route. Here, once your identity is verified, the system binds everything to your Ghana Card.
This includes SIM cards, Device details, call logs, Mobile money transactions, and Location history, all in one place.
The think tank notes that this system creates a detailed picture of your daily life, where you go, who you talk to, how you spend money, and what devices you use.
IMANI warns that such a system can easily be misused, even if the intention today is good.
The danger is something experts call “function creep”, a system built for fraud prevention slowly turning into a powerful surveillance tool. Once the data is linked, there’s no technical barrier stopping misuse by future governments or rogue actors.
“This creates a high level of risk. When identity and usage datasets are linked by default, the system becomes vulnerable to political profiling, unwarranted monitoring and suppression of dissent,” IMANI observes.
It adds that, “The greatest danger is function creep, where a system intended for fraud prevention evolves into a powerful surveillance tool. Once such a system exists, there is no effective technical barrier that prevents misuse.”
Government Must Come Clean
For IMANI, the biggest concern is the lack of clarity. Ghanaians still do not know which model the government plans to use for the upcoming registration, leaving room for doubts and speculations.
IMANI insists the government must openly announce which model it is adopting. In addition, it is demanding whether citizens’ old biometric data are still being held, and how new data will be stored, linked, or protected.
With another compulsory registration approaching, IMANI says this uncertainty cannot continue. Citizens, it argues, deserve transparency about how their digital lives are being handled.
