SIM card registration is the process of recording the details of the person who owns a SIM card. This might occur through using an official ID, passport, or proof of address; in some countries, biometrics are also collected. Usually, the details are held by the state, even if a telecommunications company collects the information. It allows the state to know the identity of the owner of a SIM card, and thus who is most likely making a call or sending a message.
Governments require telecommunications companies to store communications or metadata for a period of time, a practice called data retention. Increasingly, financial services such as insurers, lenders, banks, and financial mobile app startups, are collecting and exploiting a broad breadth of data to make decisions about people, including reading the contents of text messages to determine suitability for a loan. Mobile money transfer services use SMS to transmit details of transactions.
Especially in the absence of comprehensive data protection legislation and judicial oversight, SIM users' information can be shared and matched with other private and public databases, enabling the state to create comprehensive profiles of individual citizens, and enabling companies and third parties to access a vast amount of data. This is yet another way for government and industry to build identity systems to support their needs to administer, govern, and profit. In turn, they are being used to facilitate targeting, profiling and surveillance. It is essential to limit the purposes for which an identity system is built and used.