National ID Ethiopia Principles
1. Privacy and Minimal Data Collection
This entire program aims to design and implement a foundational ID system for Ethiopia at the national level. For all intents and purposes, “National ID” shall mean Foundational Digital ID. From this program’s perspective, the term “National ID” is synonymous to the term “Foundational ID” for communication and reporting purposes.
Only those data necessary for establishing uniqueness will be collected. All data collected, stored in the NID database and/or published in the ID credential focuses on minimal data required to identify an individual, namely “Full Name”, “Gender”, “Current Address” and “Date of Birth”, all other data is optional, including citizenship information.
Moreover, sensitive or unnecessary data such as occupation of the individual, his/her religion or ethnicity, birth place or other similar data will NOT be collected.
Other optional fields including phone number and email are taken for further interaction and notification purposes. Consent from individuals to participate in the Pilot will be obtained by using the following statement:
“You are hereby informed that your personal information is being collected for the purpose of being included in a national ID database for issuing a personal digital identification. This information may be shared or otherwise automatically processed only in connection with that purpose. Third parties will not have access to this data without your consent. You have the right to inspect your data, audit its history and correct any errors by contacting us on www.id.et”
A log of all individuals who are so informed will be maintained where the register of other data collected in connection with this program is maintained.
To remove barriers to inclusion and following the international guidelines, the National Foundational ID service will be available to all citizens and non-citizens (legal residents) who can provide any type of acceptable evidence including an appropriate witness/es that can attest on the individual’s behalf called Introducer. The introducer practice has already been in use for the Kebele-ID although it has mainly been practised by citizens.
- Inclusion Principles:
- Leave no one behind
- Ensure universal access for individuals, free from discrimination
- Remove barriers to access
3. Authentication Mechanisms and Standards
The owner of the identity data is the individual and will have the mandate to manage how it should be used at the individual level. Accordingly, all rules set forth on the annexed personal data protection proclamation will be complied with during the pilot .All tests will be performed by using a formal consent from every registrant that participates during the pilot period.
4. Usage of Credentials
Different forms of credentials may be issued for registered individuals that can allow both online and offline authentication. Until such time as defined by proclamation, the ID credentials issued by NIDP shall only be applicable to the purposes for which the ID is issued and its scope will be limited to provision of services for the particular relying party that has signed an agreement with the program. Hence, all identity credentials issued by NID while this Protocol Document is valid, i.e. until such time as ID Law comes into force to establish an ID authority, will not have a legal role to play as a foundational ID but a functional one to serve the aforementioned list of use-cases. Accordingly, the credentials are not mandatory and a prerequisite for different types of functional services currently provided using the Kebele ID.
5. Vendor Neutrality and Open Standards Based
The program focuses on vendor neutrality and remaining in technology ownership of the core ID platform. This arrangement ensures individual data remains secure under NIDP, also known as the “Data Controller” and not the vendors or other third parties. The hardware vendors as well as ABIS and other software vendors should be interchangeable and the platform will remain independent of a specific type of hardware technology or software license.
6. Security in Design
This platform gives the highest priority for security as a platform that holds sensitive data and it provides the basis for many other functional services across the nation. Communication between any end-points, including enrollment stations, supervisor and admin portals, authentication stations, resident service portals and backup sites are all end-to-end encrypted. This offers individuals, service providers and authentication parties the trust and confidence that their personal data and interaction is secure, tamper-free and not accessible without their knowledge and active consent.
- Design Principles:
- Establish a trusted – unique, secure, and accurate – identity
- Create and responsive and interoperable platform (flexible and scalable)
- Use open standards and prevent vendor technology lock-in.
- Protect privacy and agency through system design
- Plan for financial and operational sustainability
7. Grievance redressal and management
- All individuals enrolled on NID system will have the right to inspect their personal data and audit its history on the platform provided by NID (www.id.gov.et)
- An internal grievance redressal committee will be established to address grievances based on internal procedures, ID draft laws, this protocol document and internal national legislation.
- If individuals encounter any errors or problems in their personal data, they can contact NID through digital means on www.id.gov.et, via a toll-free call center on 9188 or by personally going to any of the designated enrollment centers.
- Any other grievances or complaints can be reported on site during the enrollment processes or directly to NID via the above mentioned mechanisms. A complaints officer will log the grievance report and a redressal workflow will be initiated.
NID prioritizes transparency and as such all non-personal or non-sensitive data, including activities of the program, anonymous statistical data, audit reports and other findings will be publicly published.
- Governance principles focus on:
- Oversight, Security and Accountability
- Safeguard data privacy, security, and user rights through a comprehensive legal and regulatory framework.
- Establish clear institutional mandates with transparency and accountability.
- Enforce legal and trust frameworks through independent oversight and compliance with UN and international laws.
10. Relationship with Relying Parties
- The pilot and the subsequent country rollout will depend on relying parties to scale its reach. The strategy that will be followed towards the successful completion of the batch registration will primarily focus on functional use-cases that offer the individual the benefit of ID supported trustworthy services.
- The pilot will be operational and will involve different organizations which include local authorities (regions, zones/sub-cities, and woredas). Furthermore, a selected use case can imply the direct participation of different organizations. As an example, the selected PSNP (Productive Safety Net Program) use case will require the direct involvement of three other ministries (Ministry of Agriculture, Ministry of Urban Development and Construction and Ministry of Labor and Social Affairs) as well as the Federal Urban Job Creation and Food Security Agency which the program has already began contacting.
11. Permanent Independent Entity
- As depicted on the program’s component and progress model (section 2.1 and figure 2), it should be noted that the government, and the NIDP thereof, will work towards passing of the “ID Law” that establishes a permanent independent ID authority. This Protocol Document shall serve as a guiding principle for procedural decision and adjudication until an ID Authority is formally established.
- Since the National ID Program is a nationwide service, it falls under federal government jurisdiction. However, as a regulatory organ, the National ID Authority may be subject to the supervision of the highest law making entity – the house of peoples’ representatives.
13. Procedure for penality
An internal tribunal will be established to adjudicate reported cases of fraud or illegal activities reported within the scope of NID. This internal tribunal will be composed of legal, technical and administrative personnel. Decisions will be made based on internal procedures, ID laws, this protocol document and internal national legislation and appropriate administrative measures taken against the offending entities.
Any other proven misuse, fraud or legally accountable cases that need to be administered through currently operational Civil or Criminal Codes, including those who are found to commit intentional fraud, identity theft and other illegal activities will be reported by the NID Program to appropriate bodies.
National ID Program Ethiopia endorsed the 10 principles of Identity for Development (ID4D) which are stated as Identification for sustainable Development: Towards the Digital Age.
See full text of the principles via the link below