As people pay for groceries, access healthcare, board flights, apply for government services, and order food online using mobile money, a new layer of infrastructure is increasingly operating behind the scenes: digital identity.
Once associated primarily with passports and national ID cards, digital identity systems are rapidly expanding into everyday transactions. Governments, banks, retailers, healthcare providers, and technology companies are using digital verification tools to identify users, often without requiring physical documents.
Supporters argue that digital identity improves convenience, reduces fraud, and expands access to services. Critics, however, warn about privacy risks, data security, digital theft, surveillance concerns, and the possibility of excluding people who lack access to these digital tools.
The result is a growing global debate over how digital identity should evolve and what it will mean for ordinary citizens, such as in:
India
India's digital health initiatives allow patients to access and share medical records electronically through a unique digital health identity. The system aims to reduce paperwork, improve continuity of care, and enable healthcare providers to access patient histories more efficiently.
Estonia
Often cited as a global leader in digital governance, Estonia allows citizens to access healthcare records online through a secure digital identity system. Patients can view prescriptions, medical histories, laboratory results, and healthcare visits through a centralised platform.
Digital health systems are increasingly being explored across Africa as governments seek to improve service delivery and reduce fragmented patient records.
The risks: Why Africa must proceed carefully
While digital health records promise faster service delivery, improved patient outcomes, and better coordination between healthcare providers, experts warn that the technology also introduces significant risks if not properly governed.
Health records contain some of the most sensitive personal information, including medical histories, reproductive health information, genetic data, mental health records, and medication histories. If such data is accessed without authorisation, leaked, or sold, it could expose patients to discrimination, financial fraud, identity theft, or social stigma.
Cybersecurity also remains a major concern. Healthcare systems worldwide have become frequent targets for hackers because medical records can be highly valuable on black markets. A single breach can expose millions of patient records, potentially undermining public trust in digital health programmes.
A customer conducting mobile money transaction. (Photo: Handout)
A customer using a phone for money transaction. (Photo: Handout)
There are also concerns about function creep, where data collected for healthcare purposes is later used for unrelated activities such as commercial advertising, insurance risk assessments, law enforcement investigations, or political surveillance.
Without strong legal safeguards, like in many countries in Africa, citizens may lose control over how their personal health information is used.
Several countries are still developing comprehensive data protection frameworks while simultaneously digitising public services. But what happens if the data is compromised before good working policies are in place?
Banking and financial services
Financial institutions have become some of the largest adopters of digital identity technologies.
Kenya's mobile money ecosystem, led by M-Pesa, already relies heavily on digital identity verification. The digital identity is already deeply embedded in everyday financial services.
To register a SIM card in the country, for example, individuals must provide a national identification document, which is linked to broader civil registration systems, including birth records. Banks, mobile money providers, and fintech firms also rely on Know Your Customer (KYC) processes to verify identities before customers can access services.
This means that activities ranging from making a transaction to opening a bank account increasingly depend on authenticated digital identities. While this strengthens security and helps combat fraud, it also concentrates large volumes of personal data within interconnected systems, raising important questions about privacy, cybersecurity, and data governance.
Nigeria has expanded the use of digital financial identity through systems linking bank accounts to national identity numbers. The goal is to reduce fraud, improve compliance, and strengthen financial inclusion.
What can go wrong when government services go digital?
While digital government platforms can make services faster, more convenient, and accessible, they also create new risks when large amounts of citizen data and public funds are concentrated within a single system.
Kenya's eCitizen platform, for example, has transformed access to government services, enabling citizens to apply for passports, register businesses, pay taxes, renew driving licences, and access permits online. However, recent audits have highlighted governance, accountability, and security concerns that illustrate some of the challenges of large-scale digital identity systems.
In 2025, Auditor-General Nancy Gathungu flagged billions of shillings in questionable transactions, unaccounted funds, irregular payments, and weak oversight within the eCitizen payment ecosystem.
Auditor-General Nancy Gathungu on November 7, 2025. (Photo: Handout)
Audit findings raised concerns about governance gaps, discrepancies in financial records, and instances where public funds were allegedly diverted or could not be fully reconciled.
Beyond financial risks, digital government systems collect vast amounts of personal information.
A single digital identity profile may be linked to a person's national ID, birth records, tax information, business registrations, passport details, driving records, and contact information.
If such systems are compromised through cyberattacks, insider misuse, poor security practices, or unauthorised data sharing, the consequences could affect millions of citizens simultaneously.
Airports and Travel
Travel is rapidly becoming one of the most visible uses of digital identity.
The UAE has introduced biometric systems at major airports that use facial recognition to verify passengers during different stages of travel.
In some cases, passengers can move through sections of the airport without repeatedly presenting passports or boarding passes.
The European Union is, on the other hand, gradually expanding biometric border management systems designed to improve security while reducing processing times at border crossings.
Digital travel credentials are also being explored globally as a future alternative to traditional paper-based travel documents.
Industry experts predict that future international travel may involve facial recognition, digital passports, and mobile-based identity credentials replacing many physical verification processes.
The next evolution of digital payments:
Experts believe today's digital payments are only the beginning, and several technologies are already being tested or developed:
Facial recognition payments
Instead of tapping a card or phone, users may look at a camera to authorise payment.
Iris recognition
Scanning the unique patterns in a person's eyes could provide highly secure authentication.
Voice authentication
Banks and financial institutions are increasingly exploring voice biometrics as an additional layer of security.
Palm recognition
Palm-scanning systems are already being deployed in some retail environments and could become more widespread.
Token-based payments
Future payment systems may rely less on traditional account numbers and more on encrypted digital tokens that represent a user's verified identity.
Financial identity systems
Some experts envision a future where individuals maintain a secure digital financial identity that can be used across banks, payment providers, insurance companies, and government agencies.
Privacy concerns and the right to opt out
As digital identity systems expand, privacy advocates argue that individuals should maintain meaningful control over how their personal information is collected and used.
Key concerns include:
Data breaches and cyberattacks
Government surveillance
Commercial tracking and profiling
Unauthorised sharing of biometric data
Exclusion of people without access to digital technologies
Can you opt out?
The answer varies by country, platform, and service. In many cases, users can:
Decline facial recognition features
Use traditional passwords or PINs instead of biometrics
Request deletion of certain biometric data
Choose alternative payment methods
Opt out of personalised tracking settings
Limit permissions granted to apps and services
However, some government services, banking requirements, and border security systems may require certain forms of identity verification that cannot easily be avoided.
Privacy experts also recommend reading consent policies carefully, enabling security settings, limiting unnecessary data sharing, and understanding how personal information is stored and used.
Comments
Sign in with Google to comment, reply, and like comments.
Continue with Google