Worldcoin illegally collected biometric data, according to the Kenyan government

Worldcoin illegally collected biometric data, according to the Kenyan government

Kenya’s ICT and digital economy cabinet secretary, Eliud Owalo, was questioned today about Worldcoin’s operations in Kenya. According to Owalo, the firm collected iris data illegally, and there are plans to preserve that data before an assesment is made about the case. 

Worldcoin‘s woes in Kenya are far from over. Today, two cabinet ministers were questioned by members of parliament about how Worldcoin set up shop locally, how it secured the required licenses for operation, and what will happen to the facial and iris data of nearly 400,000 Kenyans in possession of Tools for Humanity, the German organisation behind Worldcoin. These questions were answered with varying levels of accuracy. While the responses from the cabinet secretary for ICT and the digital economy, Eliud Owalo, and his colleague in the interior ministry, Kithure Kindiki, are far from exhaustive, the individuals will be subjected to another series of questioning in a week to provide more clarity on the entire situation.

Worldcoin’s data controller certificate has its limitations 

According to Owalo, Worldcoin was registered as a data controller in Kenya by the Office of the Data Protection Commissioner (ODPC). However, the license did not imply that Worldcoin had free rein to process user data in the country; the ODPC issued the certificate merely to confirm that Worldcoin was recognised in Kenya and nothing more. “The certificate simply signifies that an entity is known to the ODPC and that it processes personal data of persons located in Kenya. Further, it does not amount to certification of the processing activities of the entity or serve as an endorsement from the ODPC of an entity’s compliance with the provisions of the Data Protection Act or any other laws, including but not limited to the constitution of Kenya 2010,” Owalo explained. 

The cabinet secretary further clarified that the ODPC issued the certificate to Worldcoin after it had produced the necessary documents “pursuant to the registration regulations”. 

Who authorised the collection of biometric data? 

When posed with this question, Owalo did not provide a comprehensive answer, instead he provided snippets from existing data protection laws. For instance, he reminded parliament that Worldcoin had been registered as a data controller in April 2023. “An entity required to process personal data is required to identify itself with the ODPC by registering with the office. And pursuant to the Data Protection Act 2019, an entity should therefore make an application for registration as a data controller where it determines the purpose and means of handling personal data,” said Owalo. 

The CS further elaborated on the process by which a data processor applies the ODPC, particularly in cases where the organisation manages data for a data controller as per a contractual obligation. Certain companies can register as both data controllers and data processors.

Owalo emphasised that this certificate indicated Worldcoin’s adherence to specific sections of the Data Protection Act 2019, specifically for registration. “The license does not in any manner endorse an entity’s compliance with the Data Protection Act or its subsidiary regulations, nor is it a valid license for an organisation to operate In Kenya,” he added.

To this end, it is clear that Worldcoin was only issued a data controller certificate that did not grant any authority to collect iris data from Kenyans. However, the company harvested this crucial biometric information, after which the affected Kenyans received slightly over $54 worth of World tokens.

“There is a divergence between mere registration and operationalisation in conformity to the law. Registration does not imply that a company operating in Kenya has been given authority to behave in a manner that it deems appropriate,” Owalo clarified. 

What will happen to the already collected biometric data? 

According to Owalo, in May this year, the Kenyan government instructed Worldcoin to cease collecting iris data. The directive was followed by a crackdown in August by multiple agencies, including the ODPC and the Communications Authority of Kenya (CA), to halt operations in the country after the issue gained widespread media coverage.

The Kenyan government has sought preservation orders from the courts to facilitate the completion of the ongoing investigation into Worldcoin’s activities. Several agencies are conducting the assessment. This will ensure that Worldcoin is obligated to preserve all personal data of Kenyans collected during the operation.

The results of this investigation will be presented in parliament next week.

Get the best African tech newsletters in your inbox

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : TechCabal – https://techcabal.com/2023/08/09/worldcoin-operated-illegally-in-kenya/

Exit mobile version