There is some development.

I've seen some of the registration kiosks for Worldcoin have closed shop with the sign "closed until further notice".

This is likely because of this advisory from the Office of the Data Protection Commissioner (ODPC) "Calls for Vigilance from the Public as It Engages WorldCoin on Compliance with Data Protection Act, 2019." https://twitter.com/ODPC_KE/status/1684869953378283520

In the Press Release, ODPC 

1. "calls for increased vigilance from the public as it continues to engage with Worldcoin, and entity processing activities of iris data through an Orb, to ensure compliance with the Data Protection Act, 2019"

What does increased vigilance from the public mean?

2. "As the ODPC conducts its assessment of WorldCoin's practices to ensure compliance with the law, Kenyans are urged that they receive proper information before disclosing any personal or sensitive data. Individuals are advised to thoroughly inquire about how their data will be used."

Here the public is advised to exercise informed consent. Should Worldcoin continue collecting iris data if it is not compliant with Kenya's DPA, or properly licensed?

3. "The office will continue to engage with organizations to prompt compliance with the law and protect the privacy of Kenyans"

Finally, the way Kenya's Data Protection Act, 2019 is framed, can Worldcoin be compliant even if they tried? To be compliant, they would need to have the following in place

1. Worldcoin must respect individuals' rights regarding their personal data. This includes the right to access, correct, and delete their data, as well as the right to object to processing in certain situations.

2. Data Minimization: Worldcoin should only collect and process the minimum amount of personal data necessary to fulfill its purpose. It should avoid unnecessary data collection and ensure that data is not retained longer than required.

3. Lawful Basis: Worldcoin should identify a lawful basis for processing personal data. This could be based on obtaining explicit consent from users or any other lawful basis specified in the Data Protection Act, 2019.

4. Implement appropriate technical and organizational measures to safeguard the personal data it collects. This could include encryption, access controls, and regular security audits.

5. Cross-Border Data Transfers: If Worldcoin transfers data outside of Kenya, it must comply with the regulations regarding cross-border data transfers, which may require obtaining explicit user consent or ensuring the receiving country has adequate data protection laws.

6. Data Breach Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, Worldcoin should promptly notify the relevant authorities and affected users. We are hoping Worldcoin is acting in good faith, and if they are breached, they will notify the data subjects and the authorities.

7. Appointment of Data Protection Officer (DPO) to oversee data protection compliance.

8. Data Protection Impact Assessment (DPIA) to assess and mitigate potential risks to individuals' privacy.

9. Avoid sharing users' personal data with third parties unless necessary for the purposes of the cryptocurrency project and with the explicit consent of the user.

Best Regards,

______________________

Mwendwa Kivuva, Nairobi, Kenya
https://www.linkedin.com/in/mwendwa-kivuva

On Wed, 26 Jul 2023 at 23:43, Paul Magacha <magacha.cirrus.techvue@gmail.com> wrote:

There's Gardrn city, two rivers mall, next gen mall and now sarit centre 

I'm yet to understand why Sam Altman of OpenAI is targeting third world and developing countries with this.

Sent from my iPhone

On 24 Jul 2023, at 23:47, Peter Wakaba via KICTANet <kictanet@lists.kictanet.or.ke> wrote:



Worldcoin's cryptocurrency token WLD debuted today on the world's largest cryptocurrency trading platform Binance to quite a bit of hype.

The company defines its tools as a digital identity protocol aiming to support humanity in the age of AI, which consist of a privacy-preserving digital identity and a digital currency (WLD) received simply for being human (and registered on their platform via the 'orb'.

On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet <kictanet@lists.kictanet.or.ke> wrote:

Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT.  Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world.

Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi.

This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected. 

The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant.

1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes.
2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person.
3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft.

4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent.

5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance. 

Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process.

1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address.
2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to.
3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately.

There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/ 

Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens?

Best Regards,

______________________

Mwendwa Kivuva, Nairobi, Kenya
https://www.linkedin.com/in/mwendwa-kivuva

_______________________________________________
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/

Mailing List Posts Online: https://posts.kictanet.or.ke/

Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/

KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.

KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.

_______________________________________________
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/

Mailing List Posts Online: https://posts.kictanet.or.ke/

Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/

KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.

KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.

_______________________________________________
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/

Mailing List Posts Online: https://posts.kictanet.or.ke/

Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/

KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.

KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.