A Kenyan court has ordered Worldcoin to delete biometric data it collected from thousands of citizens, following a privacy violation. The ruling has caused significant regulatory challenges for the cryptocurrency-linked identity project, which had operated in Kenya amid growing concerns about data protection and user privacy. Local media outlet Citizen Digital reported on the decision.
Deletion of Biometric Data Ordered for Worldcoin
The court’s decision specifically targets Worldcoin’s practice of using orbs to scan individuals’ irises in exchange for cryptocurrency, worth $50. Regulators determined that this process occurred without the proper consent from individuals and without an approved Data Protection Impact Assessment (DPIA), both of which are mandatory under Kenyan law.
The Office of the Data Protection Commissioner (ODPC) will oversee the deletion process. The regulator voiced concerns about Worldcoin’s management of personal data, warning that any continued data processing could lead to unauthorized changes or misuse of Kenyan citizens’ biometric data.
Concerns Raised by Kenyan Authorities
Deputy Data Commissioner Oscar Otieno filed an affidavit in court, stating that Worldcoin’s operations posed a risk to public safety. After reviewing the methods used by the company, he found that the project lacked transparency and posed potential risks to the personal data of Kenyan citizens.
Worldcoin Faces Legal Challenges to Restart Operations in Kenya
The court ruling also prohibits Worldcoin from continuing to process any data until it conducts a full DPIA and receives informed, valid consent from users. Regulators emphasized that these steps are not optional but essential under the Data Protection Act.
Although Worldcoin had planned to return to Kenya in 2024 to expand its digital identity tools and blockchain-linked incentives, this ruling complicates the company’s plans. The project, co-founded by Sam Altman, must now meet strict legal requirements before resuming operations in Kenya.
Kenya Scrutinizes Worldcoin’s Operations
Kenya’s government had raised concerns in 2023 regarding Worldcoin’s legitimacy, with the interior and information ministries clarifying that the data controller registration certificate issued to the company was not a valid license. The authorities also initiated “criminal investigations” to verify the authenticity and legality of Worldcoin’s activities in the country.
As part of the investigation, the ODPC ordered the immediate cessation of Worldcoin’s data processing activities. The Kenyan government has set up a multi-agency team to investigate the company’s operations and ensure the safety and protection of collected personal data.
