cellphone KwaZulu-Natal

Teenager killed by accomplice over stolen cellphone. Photo: Unsplash/Arpad Czapp

POPI Act won’t stop ICASA from making network providers collect your biometrics

ICASA wants network providers to collect biometric data like fingerprints and faces to prevent hijacking numbers and fraud.

cellphone KwaZulu-Natal

Teenager killed by accomplice over stolen cellphone. Photo: Unsplash/Arpad Czapp

Network providers like MTN and Vodacom may have to start collecting personal biometric information like fingerprints and faces to combat SIM swap fraud. Unfortunately, the Protection of Personal Information Act won’t stop the collections. 


In March the Independent Communications Authority of South Africa (ICASA) published draft regulations for public comment on its proposal to make network providers verify the identity of customers using biometrics.

Now that the government regulatory body has gotten its feedback, ICASA will now decide on the next steps.

Icasa’s proposed rules aim to combat rising SIM-swap fraud, where criminals hijack mobile numbers through either number porting or fraudulent SIM swaps.

Icasa’s draft regulations explain:

  • On activation of a mobile number on its network, operators must ensure that they collect and link the subscriber’s biometric data to the number.
  • Operators must ensure that, at all times, they have the current biometric data of an assigned mobile number.
  • Operators must only use the biometric data to authenticate subscribers.
  • If a subscriber requests a SIM swap, operators must ensure the biometric data of the user requesting the swap corresponds with the biometric data associated with the mobile number.
  • If the biometric data does not correspond, they must decline the SIM swap.

Network providers believe the regulations will increase customer security. 


Concerns surrounding the legality of collecting the biometric data and how it would be protected or falsified. Another is that it will make changing network providers more difficult

According to a MyBroadband report, Ahmore Burger-Smidt from Werksman Attorneys says concerns about ICASA’s regulations contravening the POPI Act regulations are baseless.

“The concerns relating to the processing and availability of personal information have the incorrect interpretation. The POPI Act does not place an absolute ban on the processing and use of personal information. It prescribes measures for how and when you can use it,”

says Burger-Smidt.

She says regulations surrounding biometric data and SIM cards should be mandated by the Regulation of Interception of Communications and Provision of Communication-related Information Act (Rica).

Rica stipulates that cellular users must prove their identity and residence before they can be issued a SIM card by network providers.

ALSO READ: Icasa urges locals to comment on SMS, data and voice extension proposal