With the approval of the National Registry of Mobile Phone Users by the Mexican Congress, Mexico joins 17 countries whose laws require the registration of biometric data associated with SIM cards. Among them are Afghanistan, Saudi Arabia, Bahrain, Bangladesh, Benin, China, Nigeria, Oman, Pakistan, Peru, Singapore, Tajikistan, Tanzania, Thailand, Uganda, United Arab Emirates, and Venezuela.
The registry approved by the Senate will include information such as nationality, Unique Population Registry Code, a biometric element (fingerprint, facial or retina recognition), address, company providing the service, and contracting scheme, according to what was approved on Tuesday.
According to information retrieved by Privacy International, a non-governmental organization, and Comparitech, a consumer platform, the measures taken in different countries to associate biometric data with a cell phone line range from requiring fingerprints to facial recognition.
It depends on each country, but the penalties for not registering biometric data when acquiring a SIM card (subscriber identity module), or even falsifying the information, range from fines for mobile operators to suspension of lines and even imprisonment for a year or two for users.
In China, facial recognition is required, as in Singapore with SingTel, while in Nigeria and Thailand both facial recognition and fingerprinting are mandatory. In Tanzania, Saudi Arabia, Uganda, Pakistan, Bahrain, Bangladesh, Tajikistan, United Arab Emirates, Oman, Afghanistan, Benin, Peru, and Venezuela fingerprints are required.
Apart from these 17 countries joined by Mexico, in Mozambique, it is optional to ask for fingerprints instead of official identification when purchasing a cell phone line.
According to a study carried out in January 2020 by the GSM Association, which brings together mobile operators and companies associated with telecommunications, in 155 countries it was mandatory to register personal data when acquiring a SIM, whether it was the name, national ID number, or address; and at that time eight percent of the countries required mobile operators to collect biometric data.
The association reported that most countries ask for some personal data with the registration of a line, but 34 more do not; among them Mexico, Nicaragua, United States, Canada, Holland, Portugal, Slovenia, Switzerland, United Kingdom, Moldova, Lithuania, Liechtenstein, Latvia, Ireland, Iceland, Finland, Estonia, Denmark, Czech Republic, Croatia, Bosnia and Herzegovina, Vanuatu, Solomon Islands, Samoa, New Zealand, Nauru, Micronesia, Marshall Islands, Kiribati, Israel, Hong Kong, Georgia, Comoros, and Cape Verde.
According to Comparitech, the "worst policies" for SIM registration are those that ask for biometric data; since they are often not accompanied by personal data regulation, there are no clear definitions of the period in which the state can safeguard such information, and because authorities can massively tap phone lines and access personal information without a court order.
Despite growing evidence that mandatory SIM registration is costly, intrusive, and not the solution to the problem that most countries are trying to solve, more and more governments are trying to implement it every year, warns Privacy International.
With the approval of the National Register of Mobile Phone Users, in less than a month two surveillance measures have been imposed on all those who have a cell phone. Since March 23, digital banking clients must allow access to their location when performing operations, given that "banks are obliged to obtain and keep the real-time geolocation of the device" to avoid money laundering, informed the Association of Banks of Mexico.