FB pixel

Worldcoin biometrics collection faces more scrutiny in Kenya, skepticism in India

Worldcoin biometrics collection faces more scrutiny in Kenya, skepticism in India

Worldcoin, the project that wants to scan your iris biometrics in exchange for some of its cryptocurrency, continues to attract regulators in Kenya and skepticism in countries like India, which has just come out with its new data privacy law.

After Kenyan data protection authorities ordered Worldcoin to suspend enrolments earlier this month and police raided its offices in Nairobi, the East African country has formed a parliamentary committee to investigate the company’s operations.

The 15-member team, led by parliament member Gabriel Tongoyo, will have 42 days to submit its report. Other state agencies, including those covering security, protection and financial services, have started their own inquiries to establish the legality of Worldcoin’s operations, The Star reports.

The main issue troubling Kenyan regulators is Worldcoin’s plan to register citizens through the collection of iris data. Kenya’s Office of the Data Protection Commissioner (ODPC), which has been looking into the company since 2022, argues that the company is likely to violate the local Data Protection Act by handling user data, including iris and face biometrics.

The government is also facing pressure from rights organizations. Amnesty International and the Open Institute have expressed concern over the lack of information on security measures and the data collected.

“Preliminary statements from State agencies suggest a significant data breach in Kenya. We urgently call for thorough and independent investigations by the Data Commissioner,” the organizations say in a statement published by The Star.

The NGOs also called for clarifications on whether Worldcoin submitted a Data Protection Impact Assessment and whether the company obtained proper consent from its users. One of the criticisms the project has faced is that many people are lured by the promise of easy money in exchange for a quick eyeball scan and are not aware of potential trade-offs such as limited legal action against the company.

Alex Blania, a co-founder of Worldcoin, has defended the project aimed at providing each person in the world with digital IDs and financial services by emphasizing its commitment to privacy and security. But regulators in countries such as the UK, France and Germany – which has launched its own investigation – have been turning their gaze toward the crypto project. Its latest criticism comes from India.

India’s new data law may not be enough to protect users from Worldcoin: Rights lawyer

The Indian Parliament has passed its new Digital Personal Data Protection Act with implementation expected within 10 months. The Act will affect Worldcoin’s plans to collect data from users in India but they may not be enough to guarantee accountability, Prasanna S., a lawyer at digital rights organization Article 21 Trust, explains in an interview with tech outlet Medianama.

“We know the safeguards are not anywhere near the ideal that we want,” says Prasanna.

In India, it is legal to create a database of biometric data such as Worldcoin so long as it is optional and the consent is free and informed. Unless it can be established that significant harm was caused by the data collection activity, it’s going to be very difficult to move in a policy direction that prevents private companies from collecting biometric data, he notes.

This may present a problem: Unlike state projects such as India’s ID number Aadhaar which is closely followed by the public, with private projects that collect biometric data the regulatory regime is “very superficial.”

“It’s not just a privacy-related concern,” says Prasanna. “When the work of private companies impacts fundamental rights or human rights users or citizens at large, what is the accountability?”

An analysis by Medianama states that Worldcoin’s collection of user data in India appears to be legal.

India’s current data protection regime, dating from 2000, classifies bank details and biometric information as sensitive personal information. Companies need to disclose the purpose for which it has been collected while allowing people the option to delete or correct the data being collected.

Worldcoin defines a clear purpose for which it is collecting data – to prevent fraudulent users from signing up more than once – and offers a consent form explaining that the company will retain  unique iris code based on the image of the users’ irises obtained through their imaging device, the Orb.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Biometrics White Papers

Biometrics Events

Explaining Biometrics