Kenya’s Ad hoc committee investigating the Worldcoin matter has brought to light alarming allegations regarding the company’s actions. According to local media, the committee claims that Worldcoin’s activities have “constituted acts of espionage and a threat to statehood.” The company, known for its controversial practice of scanning Kenyans’ irises in exchange for cryptocurrency tokens, operated in multiple locations across Nairobi from May 2021. The committee, led by Narok West MP Gabriel Tongoyo, has taken the issue seriously and called for an investigation into two associated foreign companies, Tools for Humanity (TFH) Corp and Tools for Humanity (TFH) GmbH, for allegedly operating illegally in Kenya. These revelations have sparked a larger discussion about data privacy, national security, and the need for comprehensive legislation in Kenya’s digital economy.
The committee’s investigations have identified multiple breaches of Kenyan laws by Worldcoin and its associated companies. The findings indicate that neither Tools for Humanity Corp nor Tools for Humanity GmbH appear in the Business Registration Services database, suggesting that they lack the legal mandate to conduct business in Kenya. Additionally, Worldcoin’s late registration as a data controller, a year after it began its operations in the country, is a violation of the Data Protection Act of 2019. These violations raise concerns about the protection of Kenyans’ personal data and highlight the urgency for stronger legislation in this rapidly evolving digital landscape.
One of the primary concerns surrounding Worldcoin’s activities is the transmission of real-time iris images to its third-party servers located overseas. While the company claims that the collected data was securely stored in Amazon Web Services based in South Africa, doubts remain about the ability to retract and delete this information when necessary. Furthermore, the transfer of personal data outside Kenya may not comply with Section 48 of the Data Protection Act. This raises questions about the security and privacy of Kenyans’ data, emphasizing the need for strict oversight and regulations in the handling of sensitive information.
Public concern over Worldcoin’s practices was the catalyst for the committee’s investigations. Kenyans have expressed their discontent with the company’s actions, leading to widespread outrage and demands for stronger safeguards. The government’s decision to suspend Worldcoin’s activities on August 2, 2023, reflects the gravity of the situation. Furthermore, Information, Communication, and the Digital Economy Cabinet Secretary, Eliud Owalo, faced criticism from members of the National Assembly for providing misleading information about Worldcoin’s operations. This political fallout highlights the urgency for harmony in laws regulating cryptocurrency in Kenya, and the need for accurate and transparent communication from government officials.
Kenya’s National Assembly members have recognized the need for comprehensive legislation to regulate the growing cryptocurrency industry in the country. The committee’s recommendations highlight the significance of governing the collection of biodata, as it has implications for privacy, security, health concerns, and human rights. Additionally, there is a push for amendments to the law to grant the Office of the Data Protection Commission (ODPC) more discretionary power in imposing administrative fines, aligning the Data Protection Act with global standards. Proposals are also being discussed regarding the creation of a board to oversee the daily operations of the Commissioner, ensuring stricter compliance with data protection matters. Foreign companies seeking registration as data processors or controllers in Kenya would need to provide proof of registration with local regulatory bodies and full disclosure on the utilization and storage of collected personal and sensitive data.
The Worldcoin scandal in Kenya serves as a wake-up call for both the government and the public regarding the importance of data privacy and national security. It has shed light on the vulnerabilities that exist in the digital economy and the urgent need for comprehensive legislation to protect individuals’ rights and data. Moving forward, it is crucial for the government to work towards strengthening existing laws, establishing oversight mechanisms, and enhancing public awareness about data protection. Furthermore, the collaboration between regulatory bodies, such as the ODPC and the private sector, is vital in ensuring the responsible and ethical use of data in Kenya’s evolving digital landscape. Only through these efforts can the country strike a balance between innovation, economic growth, and the protection of its citizens’ privacy and security.
