Kenya’s High Court mandates Worldcoin to erase biometric data collected from over 300,000 citizens, setting a precedent for digital privacy in Africa.
In a landmark ruling on May 7, 2025, Kenya’s High Court ordered Worldcoin, the biometric cryptocurrency initiative co-founded by OpenAI’s Sam Altman, to delete all biometric data collected from Kenyan citizens. The court found that Worldcoin’s data collection practices violated Kenya’s Data Protection Act of 2019, emphasizing the importance of ethical data practices in digital identity projects.
What Happened?
Worldcoin’s operations in Kenya began in 2022, attracting thousands of citizens who participated by scanning their irises with a device called the “Orb” to receive digital tokens. However, concerns quickly arose regarding the project’s compliance with Kenya’s data protection laws. In August 2023, the Kenyan government suspended Worldcoin’s activities, citing potential risks to national security and data integrity.
Despite the suspension, Worldcoin announced plans to resume operations in Kenya in June 2024, following the closure of a criminal investigation by the Directorate of Criminal Investigations (DCI). The company stated its commitment to working with the Kenyan government and hoped to restart World ID registration nationwide.
The recent court ruling, however, complicates Worldcoin’s plans, emphasizing the need for strict adherence to data protection regulations. Kenya’s decisive action aligns with a growing global pushback against Worldcoin’s biometric data practices. Countries like Indonesia have suspended the project’s operations over similar privacy concerns.
Why This Matters
Kenya’s ruling serves as a reminder of the critical need for transparency, ethical data practices, and respect for individual privacy in the deployment of new technologies. As digital identity initiatives continue to emerge, this case underscores the importance of conducting thorough Data Protection Impact Assessments (DPIAs) and obtaining valid consent from participants.
Here’s What This Means for Nigerians
For Tech Startups:
- Data Compliance: Nigerian startups must ensure compliance with the Nigeria Data Protection Regulation (NDPR) when handling user data.
- Ethical Practices: Transparent communication and ethical data collection practices are essential to build trust with users.
For Policymakers:
- Regulatory Frameworks: Strengthening data protection laws and enforcement mechanisms is crucial to safeguard citizens’ privacy.
- International Collaboration: Engaging with international counterparts can help harmonize data protection standards and address cross-border data challenges.
For Consumers:
- Awareness: Nigerians should be cautious about sharing biometric data and understand their rights under data protection laws.
- Advocacy: Civil society organizations can play a role in advocating for stronger data privacy protections and holding companies accountable.
From Nairobi to Lagos, the message is clear: digital innovation must go hand in hand with robust data protection. As Africa embraces the digital age, safeguarding citizens’ privacy is not just a legal obligation—it’s a moral imperativ
