Kenya’s Ad hoc committee investigating the Worldcoin matter has made shocking allegations against the company, stating that its actions “constituted acts of espionage and a threat to statehood.” These allegations have raised concerns over the company’s operations and its purported mining of data from Kenyans through iris scanning in exchange for cryptocurrency tokens. The committee, led by Narok West MP Gabriel Tongoyo, has called for a thorough investigation into two associated foreign companies, Tools for Humanity (TFH) Corp and Tools for Humanity (TFH) GmbH, for allegedly operating illegally in Kenya. This article delves into the key findings of the committee’s investigation and highlights the urgent need for legal reform in Kenya’s digital economy.
The Alleged Violations
Worldcoin had a presence in 30 locations across Nairobi, including malls and learning institutions, starting from May 2021. However, the committee’s investigations have revealed various alleged violations by the company and its associated foreign entities. The companies are believed to be in violation of multiple Kenyan laws, including the Data Protection Act, Consumer Protection Act, and Computer Misuse and Cybercrimes Act. Shockingly, neither company appears in the Business Registration Services database of registered businesses or companies in Kenya, indicating their lack of legal authorization to conduct any business in the country.
Furthermore, Worldcoin applied for registration as a data controller on August 22, 2022, a year after commencing its activities in Kenya, which is a clear violation of the Data Protection Act of 2019. The committee’s investigations were prompted by public concern over Worldcoin’s questionable activities, especially the transmission of real-time iris images converted into digital code to the company’s third-party servers located overseas. While Worldcoin claims to have securely stored the collected data in Amazon Web Services based in South Africa, doubts remain regarding the ability to retract and delete the data when necessary. Additionally, the transfer of personal data outside Kenya raises concerns about compliance with Section 48 of the Data Protection Act.
Implications for Kenyan Public
The fallout from the Worldcoin controversy has underscored the urgent need for comprehensive legislation and oversight in Kenya’s rapidly evolving digital economy. The investigation revealed that approximately 350,000 Kenyans had registered by the time Worldcoin’s activities were suspended by the government on August 2, 2023. This raises concerns about the security and privacy of the data collected from these individuals.
It is clear that existing laws are insufficient to protect the rights and personal data of the Kenyan public. This unfortunate situation emphasizes the pressing need for legal reforms to ensure that companies operate within the confines of the law and that the privacy and data rights of individuals are safeguarded.
Kenya’s National Assembly members have criticized Information, Communication, and the Digital Economy Cabinet Secretary, Eliud Owalo, for providing misleading information regarding Worldcoin’s operations in Kenya. Owalo, during an interview with NTV on August 2, claimed that Worldcoin was operating within the parameters of the Data Act 2019. However, he later denied making such statements during the committee’s proceedings. This discrepancy has led to his censure for misleading the public.
Parliament has been urged to harmonize laws to regulate the growing cryptocurrency sector in the country. The findings of the investigation highlight the inconsistencies in Owalo’s statements, prompting the need for legislative intervention. The committee’s recommendations include governing the collection of biodata, considering its implications on privacy, security, health concerns, and human rights. Members of the National Assembly are also pushing for amendments to grant the Office of the Data Protection Commission (ODPC) more discretion in imposing administrative fines and aligning the Data Protection Act with global standards.
In response to the Worldcoin controversy, the committee has proposed stringent requirements for foreign companies seeking registration as data processors or controllers in Kenya. These companies would need to provide proof of registration with local regulatory bodies and full disclosure regarding the utilization and storage of collected personal and sensitive data. Additionally, there are calls for the creation of a board to oversee the daily operations of the Commissioner of Data Protection and ensure stricter compliance with data protection matters.
These proposed reforms aim to strengthen the regulatory framework governing data collection and protection in Kenya. They will be crucial in ensuring that individuals’ privacy is respected, their personal data is secured, and foreign companies operate within the framework of the law.
The Worldcoin controversy has shed light on the need for robust legal reforms in Kenya’s digital economy. The committee’s investigations have exposed the alleged violations committed by Worldcoin and its associated foreign entities, emphasizing the importance of comprehensive legislation and oversight. The situation also revealed misleading information from government officials, further underscoring the urgency for legal reforms and a harmonized approach to regulate the cryptocurrency sector. With stringent requirements for foreign companies seeking registration and a focus on privacy and data protection, Kenya can ensure that individuals’ rights and personal data are safeguarded in the evolving digital landscape.
Leave a Reply