In the government’s latest push to expand tax revenue, the Kenya Revenue Authority (KRA) ‘s new device registration plan is stirring debates over privacy.

The initiative, which requires tracking of all mobile devices through unique identifiers known as IMEI numbers, is facing backlash from both Parliament and Safaricom, the country’s leading telecom company, due to potential privacy risks for millions of Kenyan mobile users.

Under these rules, all mobile devices entering Kenyan networks must be registered on a KRA-maintained database to ensure compliance with local taxes.

However, as details emerge, privacy advocates, lawmakers, and Safaricom have raised alarms about how the plan could impact citizens’ privacy and deter digital growth.

The Communications Authority (CA) recently issued new guidelines mandating that mobile network operators, importers, and phone retailers upload each device’s IMEI number to a centralized system managed by KRA.

This regulation aims to create a master database of compliant devices, but lawmakers are concerned about the potential for overreach. Committee Chair John Kiarie voiced his concerns, questioning the level of access granted to KRA and whether such a system could lead to misuse.

“This isn’t just about compliance,” Kiarie argued. “How do we ensure this doesn’t scare Kenyans away from digital transactions?”

MPs, like Tetu’s Geoffrey Wandeto, echoed this sentiment, citing recent controversies around data privacy as cautionary tales.

Wandeto emphasized the need for careful consideration, particularly to avoid inconveniencing expatriates and visitors whose devices may now need to be registered and tracked upon entering the country.

Safaricom’s CEO, Peter Ndegwa, has taken a cautious stance on the policy, stressing that while the company is committed to supporting tax compliance efforts, it must protect its subscribers’ information.

Ndegwa clarified that no subscriber data or IMEI numbers are currently shared with KRA, and the company intends to keep it that way.

 “The intent here is to broaden the tax base by ensuring that all devices purchased in Kenya contribute fairly to the tax pool. But this needs to be done in a way that respects user privacy and does not harm digital engagement,” Ndegwa explained.

He noted that other countries often find ways to verify tax compliance without requesting individual user data, a model he believes KRA should consider.

Responding to concerns, CA Director General David Mugonyi clarified that the directive originated from a presidential mandate aimed at device tax compliance rather than monitoring user behaviour.

According to Mugonyi, only unregistered devices with unpaid taxes will receive notifications. If no action is taken, these devices may be restricted from accessing local networks, while a temporary “grey list” would accommodate diplomats and tourists.

To further address privacy worries, Mugonyi emphasized that devices connected to Kenyan networks before October 31, 2024, will be exempt from the new regulations.

The compliance requirement will apply only to devices connected to Kenyan networks after this date, alleviating fears for existing users.

Additionally, Edward Kisiangani, Principal Secretary for Broadcasting, suggested that international data-sharing agreements may be necessary to prevent redundant taxes on devices that were already taxed abroad.

 KRA has long sought to integrate M-Pesa transaction data into the tax base, given the platform’s substantial revenue impact and widespread usage.

 While this effort aligns with tax collection goals, it faces opposition due to privacy concerns, especially given M-Pesa’s significant role in Kenya’s digital economy.

 Safaricom continues to oppose direct data sharing, arguing that user privacy must be prioritized to maintain digital financial trust. The device registration initiative could bring both benefits and challenges to Kenya’s digital economy.

 International visitors may face requirements to register their devices, and network access for local users may hinge on compliance. Safaricom worries these regulations, if poorly managed, could curb Kenya’s digital momentum and reduce public trust.

 “Kenya has been a leader in digital innovation,” Ndegwa emphasized. “As these policies unfold, it’s vital to protect both user privacy and the progress we’ve made in the digital sector.”

 Kenya’s device compliance drive underscores the tension between government revenue efforts and data privacy in an increasingly digital society.

 With a mobile penetration rate of 133% and over 68.8 million SIM subscriptions in Kenya, KRA’s device compliance policy reflects a new era of tax tracking through digital platforms.

 While the initiative aligns with revenue goals, both Safaricom and members of Parliament have emphasized that privacy must be respected.

 The Communications Authority’s assurances and Safaricom’s advocacy for responsible data practices highlight an emerging balance between regulatory compliance and individual privacy rights in Kenya.

As KRA, CA, and Safaricom continue discussions, the outcome will set a crucial precedent for handling privacy and tax compliance in Kenya’s digital ecosystem.

 The next few months will determine whether the government can find a balance between revenue goals and privacy protections, setting a standard for similar initiatives in the future.