Last March, the Assembly of People's Representatives passed the bill introducing biometric passports and identity cards. These documents are intended to replace the old passport and identity card models, in order to comply with international standards. They will be equipped with an electronic chip containing personal data such as surname, first name and date of birth, as well as biometric data such as fingerprints and facial features.

This controversial project had been in the drawers of various governments for years. Habib Essid in particular wanted to implement it, but the project was put on hold. The project was relaunched in 2020, but the political events that followed brought it to a halt once again. Although the move to passports and identity cards is in line with the times, this law poses a number of problems in terms of personal data protection and cybersecurity.

In an interview with Jeune Afrique, Chawki Gaddes, former Chairman of the Instance Nationale de Protection des Données Personnelles, asserts that the law makes no mention of the database, despite the fact that it is the processing of personal data by the State that is at the heart of the battle to protect personal data. According to Gaddes, personal data should be destroyed 90 days after the documents are issued. However, this is not guaranteed by Tunisian law.

Data storage by the Ministry of the Interior can be interpreted as a desire to extend population control. In fact, Tunisia has introduced a system of video surveillance cameras coupled with a facial recognition system, with the aim of reinforcing security, but this can also be interpreted as a desire to increase surveillance of the population.

Finally, when it comes to personal data, we must not forget the risks of hacking. As Tunisia is a long way from international cybersecurity standards, the storage of such data can represent a great danger in the event of a cyberattack.