By Christina Chan-Meetoo & Sarah Chiumbu
The new Minister of Information Technology, Communication and Innovation recently announced that Government will go ahead with the Mobile ID project. In light of the recent announcement, it seems timely to recall the key points raised in our policy brief titled Smart ID Cards in Mauritius: Balancing Rights and Freedoms with National Identification Needs, which was published by Intelwatch (1) in July 2024. 
Our paper provided an in-depth examination of the successsive regulatory changes in Mauritius’s national identification system as well as proposed updates to the system, including the Mobile ID. We examined the broader implications for privacy, data protection, and national security and made recommendations to ensure that the system aligns with international best practices while safeguarding citizens’ rights.
It should be noted that the policy brief is part of an international comparative research project on digital surveillance in Southern African countries. So far, Mauritius forms part of the case studies of successful public oversight which comprise various forms of mobilisations, to which authorities have been generally responsive.
Overview of Latest Regulatory Instruments
Government introduced three key legal frameworks to regulate the National Identity Card system:
- National Identity Card Regulations 2024
- National Identity Card (Card Usage) Regulations 2024
- National Identity Card (Mobile ID) Regulations 2024
These instruments set out the legal and operational framework for the issuance, usage, and digital adaptation of national identity documents. Their stated aim was to modernise the country’s identification system, increase efficiency, and integrate advanced security features.
Two phases: a new Smart ID card and a Mobile ID
As per our understanding, the latest rollout of the National Identity Card system is being conducted in two phases:
l The first phase, launched in February 2024, introduced the new physical smart ID card. It has been stated that the card is embedded with advanced security features to prevent fraud and identity theft.
l The second phase, still in development, involves the introduction of a Mobile ID. This would allow citizens to access a digital version of their ID through a dedicated mobile application. The current Minister of Information Technology, Communication and Innovation has recently announced at a workshop for Data Protection Officers that the Mobile ID card would be “implemented as per Data Protection guidelines”.
Key features of the Smart ID and Mobile ID
l Biometric Integration: The new smart ID card was supposed to contain biometric features, including fingerprint data, which would enhance security and prevent unauthorised usage. As reported by the Government Information Service in January 2025, the new Minister, speaking about the mobile ID, “reassured the population that it will not involve selfie photographs and middleware but will be based on the physical identity card without any biometric data”.
l Digital Authentication: The Mobile ID is supposed to provide a secure way for citizens to verify their identity digitally when accessing government and private sector services.
l Increased Accessibility: The system would be designed to streamline access to various services, such as banking, healthcare, and e-government portals.
l Data Encryption and Protection: The security architecture is intended to prevent unauthorised access and misuse of personal data.
Potential concerns regarding privacy and data protection
While the modernisation of the identification system aims to improve efficiency and security, it has raised significant concerns about data privacy, state surveillance, and individual rights. Our policy brief highlights the following areas of concern:
- Compliance with the Data Protection Act (2017)
One of the primary concerns is whether the Mobile ID system fully complies with Mauritius’s Data Protection Act (2017), which is based on the European Union’s General Data Protection Regulation (GDPR). The Act guarantees individuals’ control over their personal data and mandates that personal information should be collected and processed transparently and for specific lawful purposes. Our brief calls for greater scrutiny of how the Mobile ID will handle personal data. The latest announcements by the
Minister of Information Technology, Communication and Innovation suggest that such concerns would now be taken into account in the development of the Mobile ID project.
- Proportionality and Data Processing Control
Our policy brief recommends a proportionality test to ensure that only necessary biometric data is collected and stored. Citizens should have control over how their data is processed, including the ability to access, rectify, or delete their data as needed. There is concern that excessive data collection may infringe on citizens’ rights and could be misused if not properly regulated. At the same January 2024 workshop, the Data Protection Commissioner is said to have cited the Government Programme 2025-2029 “which lays emphasis on strengthening measures pertaining to the protection and management of personal and sensitive data as well as the consolidation of the constitutional right to privacy”.
- Risks of Unlawful Surveillance
Another major concern is the potential for the Mobile ID system to be used for unlawful surveillance. Our report urges the government to implement strong safeguards against any misuse of the system, ensuring that it is used strictly for identification purposes and not for tracking citizens’ activities beyond legal limits.
- Independent Security Audits and System Transparency
Our brief strongly recommends conducting independent security audits of the Mauritius National Identity Card (MNIC) 3.0 system. These audits should assess vulnerabilities and ensure the highest standards of data security and privacy protection. Mauritius has previously committed to the United Nations Human Rights Committee that its identification system would adhere to fundamental privacy rights, and external audits would help fulfill this commitment.
- Exemptions Under the Data Protection Act
A specific point of contention is Section 44 of the Data Protection Act, which allows the Prime Minister to exempt certain data from privacy regulations on grounds of national security. Our brief argues that these exemptions should be used sparingly and must include sufficient oversight to prevent abuse. Without clear limitations, this exemption could undermine data protection safeguards, leading to potential rights violations.
Potential Benefits of the Smart ID System
Despite these concerns, our policy brief acknowledges several potential benefits of the new system:
l Enhanced National Security: The integration of biometric authentication and encryption reduces the risk of identity fraud and strengthens national security.
l Efficiency in Service Delivery: Citizens would experience faster and more seamless interactions with government agencies and private services that require identity verification.
l Financial Inclusion: The Mobile ID could help improve access to banking and financial services, particularly for citizens who face barriers to traditional banking systems.
l E-Government Expansion: A reliable digital identity system would facilitate the development of e-government services, reducing bureaucracy and improving convenience for the public.
Recommendations
for a Balanced Approach
Our policy brief concludes with several key recommendations to ensure that the Smart ID and Mobile ID systems serve their intended purpose without compromising citizens’ rights:
- Strict Compliance with Data Protection Laws: The government must ensure that all components of the Mobile ID system align with the Data Protection Act (2017) and GDPR principles as already stated by the Minister and the Data Commissioner in January 2024.
- Implementation of a Proportionality Test: Only the minimum necessary biometric and personal data should be collected and stored.
- Independent Security Audits: Regular, third-party audits must be conducted to evaluate the security and transparency of the system.
- Protection Against Misuse for Surveillance: Clear legal safeguards should be established to prevent the Mobile ID system from being exploited for unwarranted surveillance or other non-consensual tracking.
- Clarification of Data Privacy Exemptions: The government should clearly define and limit the circumstances under which Section 44 of the Data Protection Act can be invoked, ensuring proper oversight mechanisms.
6. Public Awareness and Literacy Campaigns: The success of the new identification system depends on citizen engagement and understanding. The government should conduct nationwide educational campaigns to inform the public about the benefits, risks, and safeguards associated with the Smart ID and Mobile ID.
Conclusion
The introduction of the new Smart ID Card and Mobile ID system in Mauritius represents a major step toward a modernised national identification framework. While the system promises efficiency, security, and convenience, it also raises critical concerns about data privacy, surveillance, and personal freedoms. Our policy brief has tried to provide a balanced analysis of these issues and outlined practical recommendations to ensure that the system aligns with international best practices and citizens’ rights.
Ultimately, the success of this initiative will depend on the government’s commitment to transparency, data protection, and public engagement. By implementing the recommended safeguards, Mauritius can create a secure and rights-respecting national identification system that benefits all its citizens without compromising their freedoms.
…
1.https://intelwatch.org.za/wp-content/uploads/2024/08/Mauritius-smart_ID_card_amendments_v2_fin.pdf