Deception and exploitation : How Worldcoin recruited its first million test users
Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world. Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi. This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected. The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant. 1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance. Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process. 1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately. There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency... Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens? Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva
Worldcoin's cryptocurrency token WLD debuted today on the world's largest cryptocurrency trading platform Binance to quite a bit of hype. The company defines its tools as a digital identity protocol aiming to support humanity in the age of AI, which consist of a privacy-preserving digital identity and a digital currency (WLD) received simply for being human (and registered on their platform via the 'orb'. On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world.
Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi.
This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected.
The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant.
1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance.
Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process.
1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately.
There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency...
Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens?
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
There's Gardrn city, two rivers mall, next gen mall and now sarit centre I'm yet to understand why Sam Altman of OpenAI is targeting third world and developing countries with this. Sent from my iPhone
On 24 Jul 2023, at 23:47, Peter Wakaba via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
Worldcoin's cryptocurrency token WLD debuted today on the world's largest cryptocurrency trading platform Binance to quite a bit of hype. The company defines its tools as a digital identity protocol aiming to support humanity in the age of AI, which consist of a privacy-preserving digital identity and a digital currency (WLD) received simply for being human (and registered on their platform via the 'orb'.
On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet <kictanet@lists.kictanet.or.ke> wrote: Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world.
Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi.
This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected.
The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant.
1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance.
Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process.
1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately.
There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency...
Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens?
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
There is some development. I've seen some of the registration kiosks for Worldcoin have closed shop with the sign "closed until further notice". This is likely because of this advisory from the Office of the Data Protection Commissioner (ODPC) "Calls for Vigilance from the Public as It Engages WorldCoin on Compliance with Data Protection Act, 2019." https://twitter.com/ODPC_KE/status/1684869953378283520 In the Press Release, ODPC 1. "calls for increased vigilance from the public as it continues to engage with Worldcoin, and entity processing activities of iris data through an Orb, to ensure compliance with the Data Protection Act, 2019" What does increased vigilance from the public mean? 2. "As the ODPC conducts its assessment of WorldCoin's practices to ensure compliance with the law, Kenyans are urged that they receive proper information before disclosing any personal or sensitive data. Individuals are advised to thoroughly inquire about how their data will be used." Here the public is advised to exercise informed consent. Should Worldcoin continue collecting iris data if it is not compliant with Kenya's DPA, or properly licensed? 3. "The office will continue to engage with organizations to prompt compliance with the law and protect the privacy of Kenyans" Finally, the way Kenya's Data Protection Act, 2019 is framed, can Worldcoin be compliant even if they tried? To be compliant, they would need to have the following in place 1. Worldcoin must respect individuals' rights regarding their personal data. This includes the right to access, correct, and delete their data, as well as the right to object to processing in certain situations. 2. Data Minimization: Worldcoin should only collect and process the minimum amount of personal data necessary to fulfill its purpose. It should avoid unnecessary data collection and ensure that data is not retained longer than required. 3. Lawful Basis: Worldcoin should identify a lawful basis for processing personal data. This could be based on obtaining explicit consent from users or any other lawful basis specified in the Data Protection Act, 2019. 4. Implement appropriate technical and organizational measures to safeguard the personal data it collects. This could include encryption, access controls, and regular security audits. 5. Cross-Border Data Transfers: If Worldcoin transfers data outside of Kenya, it must comply with the regulations regarding cross-border data transfers, which may require obtaining explicit user consent or ensuring the receiving country has adequate data protection laws. 6. Data Breach Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, Worldcoin should promptly notify the relevant authorities and affected users. We are hoping Worldcoin is acting in good faith, and if they are breached, they will notify the data subjects and the authorities. 7. Appointment of Data Protection Officer (DPO) to oversee data protection compliance. 8. Data Protection Impact Assessment (DPIA) to assess and mitigate potential risks to individuals' privacy. 9. Avoid sharing users' personal data with third parties unless necessary for the purposes of the cryptocurrency project and with the explicit consent of the user. Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva On Wed, 26 Jul 2023 at 23:43, Paul Magacha <magacha.cirrus.techvue@gmail.com> wrote:
There's Gardrn city, two rivers mall, next gen mall and now sarit centre
I'm yet to understand why Sam Altman of OpenAI is targeting third world and developing countries with this.
Sent from my iPhone
On 24 Jul 2023, at 23:47, Peter Wakaba via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin's cryptocurrency token WLD debuted today on the world's largest cryptocurrency trading platform Binance to quite a bit of hype. The company defines its tools as a digital identity protocol aiming to support humanity in the age of AI, which consist of a privacy-preserving digital identity and a digital currency (WLD) received simply for being human (and registered on their platform via the 'orb'.
On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world.
Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi.
This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected.
The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant.
1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance.
Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process.
1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately.
There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency...
Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens?
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Office of the Data Protection Commissioner did not carry out due diligence before registering Worldcoin activities in the country, ICT Cabinet Secretary Eliud Owalo told Parliament on Monday. https://www.the-star.co.ke/news/2023-09-11-owalo-throws-data-commissioner-un... On Sat, Jul 29, 2023, 3:07 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
There is some development.
I've seen some of the registration kiosks for Worldcoin have closed shop with the sign "closed until further notice".
This is likely because of this advisory from the Office of the Data Protection Commissioner (ODPC) "Calls for Vigilance from the Public as It Engages WorldCoin on Compliance with Data Protection Act, 2019." https://twitter.com/ODPC_KE/status/1684869953378283520
In the Press Release, ODPC 1. "calls for increased vigilance from the public as it continues to engage with Worldcoin, and entity processing activities of iris data through an Orb, to ensure compliance with the Data Protection Act, 2019" What does increased vigilance from the public mean? 2. "As the ODPC conducts its assessment of WorldCoin's practices to ensure compliance with the law, Kenyans are urged that they receive proper information before disclosing any personal or sensitive data. Individuals are advised to thoroughly inquire about how their data will be used." Here the public is advised to exercise informed consent. Should Worldcoin continue collecting iris data if it is not compliant with Kenya's DPA, or properly licensed? 3. "The office will continue to engage with organizations to prompt compliance with the law and protect the privacy of Kenyans"
Finally, the way Kenya's Data Protection Act, 2019 is framed, can Worldcoin be compliant even if they tried? To be compliant, they would need to have the following in place 1. Worldcoin must respect individuals' rights regarding their personal data. This includes the right to access, correct, and delete their data, as well as the right to object to processing in certain situations. 2. Data Minimization: Worldcoin should only collect and process the minimum amount of personal data necessary to fulfill its purpose. It should avoid unnecessary data collection and ensure that data is not retained longer than required. 3. Lawful Basis: Worldcoin should identify a lawful basis for processing personal data. This could be based on obtaining explicit consent from users or any other lawful basis specified in the Data Protection Act, 2019. 4. Implement appropriate technical and organizational measures to safeguard the personal data it collects. This could include encryption, access controls, and regular security audits. 5. Cross-Border Data Transfers: If Worldcoin transfers data outside of Kenya, it must comply with the regulations regarding cross-border data transfers, which may require obtaining explicit user consent or ensuring the receiving country has adequate data protection laws. 6. Data Breach Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, Worldcoin should promptly notify the relevant authorities and affected users. We are hoping Worldcoin is acting in good faith, and if they are breached, they will notify the data subjects and the authorities. 7. Appointment of Data Protection Officer (DPO) to oversee data protection compliance. 8. Data Protection Impact Assessment (DPIA) to assess and mitigate potential risks to individuals' privacy. 9. Avoid sharing users' personal data with third parties unless necessary for the purposes of the cryptocurrency project and with the explicit consent of the user.
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva
On Wed, 26 Jul 2023 at 23:43, Paul Magacha < magacha.cirrus.techvue@gmail.com> wrote:
There's Gardrn city, two rivers mall, next gen mall and now sarit centre
I'm yet to understand why Sam Altman of OpenAI is targeting third world and developing countries with this.
Sent from my iPhone
On 24 Jul 2023, at 23:47, Peter Wakaba via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin's cryptocurrency token WLD debuted today on the world's largest cryptocurrency trading platform Binance to quite a bit of hype. The company defines its tools as a digital identity protocol aiming to support humanity in the age of AI, which consist of a privacy-preserving digital identity and a digital currency (WLD) received simply for being human (and registered on their platform via the 'orb'.
On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world.
Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi.
This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected.
The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant.
1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance.
Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process.
1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately.
There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency...
Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens?
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Listers We need to understand the registration role contemplated in the Data Protection Act. The role was to have visibility on who data processors are. Issuing a certificate is simply registering a company processing data. However, IMHO, the issue here is on understanding the registration mandate. As we handle this WorldCoin circus, let us hold sacred the Independence of this office contemplated during the crafting of the Data Protection Law in order to shield it from political interests. Upon investigation, a decision was made and communicated to WorldCoin <https://www.the-star.co.ke/news/realtime/2023-09-07-kassait-why-we-revoked-worldcoin-licence/> . Rgds GG On Tue, Sep 12, 2023 at 10:24 AM David Indeje via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Office of the Data Protection Commissioner did not carry out due diligence before registering Worldcoin activities in the country, ICT Cabinet Secretary Eliud Owalo told Parliament on Monday. https://www.the-star.co.ke/news/2023-09-11-owalo-throws-data-commissioner-un...
On Sat, Jul 29, 2023, 3:07 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
There is some development.
I've seen some of the registration kiosks for Worldcoin have closed shop with the sign "closed until further notice".
This is likely because of this advisory from the Office of the Data Protection Commissioner (ODPC) "Calls for Vigilance from the Public as It Engages WorldCoin on Compliance with Data Protection Act, 2019." https://twitter.com/ODPC_KE/status/1684869953378283520
In the Press Release, ODPC 1. "calls for increased vigilance from the public as it continues to engage with Worldcoin, and entity processing activities of iris data through an Orb, to ensure compliance with the Data Protection Act, 2019" What does increased vigilance from the public mean? 2. "As the ODPC conducts its assessment of WorldCoin's practices to ensure compliance with the law, Kenyans are urged that they receive proper information before disclosing any personal or sensitive data. Individuals are advised to thoroughly inquire about how their data will be used." Here the public is advised to exercise informed consent. Should Worldcoin continue collecting iris data if it is not compliant with Kenya's DPA, or properly licensed? 3. "The office will continue to engage with organizations to prompt compliance with the law and protect the privacy of Kenyans"
Finally, the way Kenya's Data Protection Act, 2019 is framed, can Worldcoin be compliant even if they tried? To be compliant, they would need to have the following in place 1. Worldcoin must respect individuals' rights regarding their personal data. This includes the right to access, correct, and delete their data, as well as the right to object to processing in certain situations. 2. Data Minimization: Worldcoin should only collect and process the minimum amount of personal data necessary to fulfill its purpose. It should avoid unnecessary data collection and ensure that data is not retained longer than required. 3. Lawful Basis: Worldcoin should identify a lawful basis for processing personal data. This could be based on obtaining explicit consent from users or any other lawful basis specified in the Data Protection Act, 2019. 4. Implement appropriate technical and organizational measures to safeguard the personal data it collects. This could include encryption, access controls, and regular security audits. 5. Cross-Border Data Transfers: If Worldcoin transfers data outside of Kenya, it must comply with the regulations regarding cross-border data transfers, which may require obtaining explicit user consent or ensuring the receiving country has adequate data protection laws. 6. Data Breach Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, Worldcoin should promptly notify the relevant authorities and affected users. We are hoping Worldcoin is acting in good faith, and if they are breached, they will notify the data subjects and the authorities. 7. Appointment of Data Protection Officer (DPO) to oversee data protection compliance. 8. Data Protection Impact Assessment (DPIA) to assess and mitigate potential risks to individuals' privacy. 9. Avoid sharing users' personal data with third parties unless necessary for the purposes of the cryptocurrency project and with the explicit consent of the user.
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva
On Wed, 26 Jul 2023 at 23:43, Paul Magacha < magacha.cirrus.techvue@gmail.com> wrote:
There's Gardrn city, two rivers mall, next gen mall and now sarit centre
I'm yet to understand why Sam Altman of OpenAI is targeting third world and developing countries with this.
Sent from my iPhone
On 24 Jul 2023, at 23:47, Peter Wakaba via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin's cryptocurrency token WLD debuted today on the world's largest cryptocurrency trading platform Binance to quite a bit of hype. The company defines its tools as a digital identity protocol aiming to support humanity in the age of AI, which consist of a privacy-preserving digital identity and a digital currency (WLD) received simply for being human (and registered on their platform via the 'orb'.
On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world.
Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi.
This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected.
The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant.
1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance.
Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process.
1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately.
There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency...
Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens?
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
-- Grace Githaiga KICTANet Convenor KICTANet portals KICTANet.or.ke <https://kictanet.or.ke/> | Twitter <https://twitter.com/kictanet> | LinkedIn <https://www.linkedin.com/company/18428106/admin/> | Facebook <https://www.facebook.com/KICTANet/>
I concur with this. And for this mandate to be effectively protected, we need to be able to break down the registration process into its bits and pieces. At which point in the registration process did the mistake/oversight/negligence/political interference/corruption take place. Then suggest ways to fix that segment of the registration process to avoid a repeat of the same. This mandate ought to be an 'evolving' process that can be fine tuned and adaptive to changing demands. Gibson Maina Mathare Infotech Lab On Tue, Sep 12, 2023, 12:16 Grace Githaiga via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Listers We need to understand the registration role contemplated in the Data Protection Act. The role was to have visibility on who data processors are. Issuing a certificate is simply registering a company processing data. However, IMHO, the issue here is on understanding the registration mandate. As we handle this WorldCoin circus, let us hold sacred the Independence of this office contemplated during the crafting of the Data Protection Law in order to shield it from political interests.
Upon investigation, a decision was made and communicated to WorldCoin <https://www.the-star.co.ke/news/realtime/2023-09-07-kassait-why-we-revoked-worldcoin-licence/> . Rgds GG
On Tue, Sep 12, 2023 at 10:24 AM David Indeje via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Office of the Data Protection Commissioner did not carry out due diligence before registering Worldcoin activities in the country, ICT Cabinet Secretary Eliud Owalo told Parliament on Monday. https://www.the-star.co.ke/news/2023-09-11-owalo-throws-data-commissioner-un...
On Sat, Jul 29, 2023, 3:07 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
There is some development.
I've seen some of the registration kiosks for Worldcoin have closed shop with the sign "closed until further notice".
This is likely because of this advisory from the Office of the Data Protection Commissioner (ODPC) "Calls for Vigilance from the Public as It Engages WorldCoin on Compliance with Data Protection Act, 2019." https://twitter.com/ODPC_KE/status/1684869953378283520
In the Press Release, ODPC 1. "calls for increased vigilance from the public as it continues to engage with Worldcoin, and entity processing activities of iris data through an Orb, to ensure compliance with the Data Protection Act, 2019" What does increased vigilance from the public mean? 2. "As the ODPC conducts its assessment of WorldCoin's practices to ensure compliance with the law, Kenyans are urged that they receive proper information before disclosing any personal or sensitive data. Individuals are advised to thoroughly inquire about how their data will be used." Here the public is advised to exercise informed consent. Should Worldcoin continue collecting iris data if it is not compliant with Kenya's DPA, or properly licensed? 3. "The office will continue to engage with organizations to prompt compliance with the law and protect the privacy of Kenyans"
Finally, the way Kenya's Data Protection Act, 2019 is framed, can Worldcoin be compliant even if they tried? To be compliant, they would need to have the following in place 1. Worldcoin must respect individuals' rights regarding their personal data. This includes the right to access, correct, and delete their data, as well as the right to object to processing in certain situations. 2. Data Minimization: Worldcoin should only collect and process the minimum amount of personal data necessary to fulfill its purpose. It should avoid unnecessary data collection and ensure that data is not retained longer than required. 3. Lawful Basis: Worldcoin should identify a lawful basis for processing personal data. This could be based on obtaining explicit consent from users or any other lawful basis specified in the Data Protection Act, 2019. 4. Implement appropriate technical and organizational measures to safeguard the personal data it collects. This could include encryption, access controls, and regular security audits. 5. Cross-Border Data Transfers: If Worldcoin transfers data outside of Kenya, it must comply with the regulations regarding cross-border data transfers, which may require obtaining explicit user consent or ensuring the receiving country has adequate data protection laws. 6. Data Breach Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, Worldcoin should promptly notify the relevant authorities and affected users. We are hoping Worldcoin is acting in good faith, and if they are breached, they will notify the data subjects and the authorities. 7. Appointment of Data Protection Officer (DPO) to oversee data protection compliance. 8. Data Protection Impact Assessment (DPIA) to assess and mitigate potential risks to individuals' privacy. 9. Avoid sharing users' personal data with third parties unless necessary for the purposes of the cryptocurrency project and with the explicit consent of the user.
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva
On Wed, 26 Jul 2023 at 23:43, Paul Magacha < magacha.cirrus.techvue@gmail.com> wrote:
There's Gardrn city, two rivers mall, next gen mall and now sarit centre
I'm yet to understand why Sam Altman of OpenAI is targeting third world and developing countries with this.
Sent from my iPhone
On 24 Jul 2023, at 23:47, Peter Wakaba via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin's cryptocurrency token WLD debuted today on the world's largest cryptocurrency trading platform Binance to quite a bit of hype. The company defines its tools as a digital identity protocol aiming to support humanity in the age of AI, which consist of a privacy-preserving digital identity and a digital currency (WLD) received simply for being human (and registered on their platform via the 'orb'.
On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world.
Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi.
This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected.
The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant.
1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance.
Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process.
1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately.
There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency...
Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens?
Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
-- Grace Githaiga KICTANet Convenor
KICTANet portals KICTANet.or.ke <https://kictanet.or.ke/> | Twitter <https://twitter.com/kictanet> | LinkedIn <https://www.linkedin.com/company/18428106/admin/> | Facebook <https://www.facebook.com/KICTANet/> _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Worldcoin's use of biometric data (such as iris scans) for identification is a more enhanced, and at the same time, sensitive form of online ID creation compared to typical methods that rely on non-biometric data. The sensitivity of biometric data makes its handling more crucial and necessitates robust protections. In terms of regulatory frameworks, it's vital for countries to establish and enforce comprehensive data protection laws that adequately address the collection, storage, usage, and protection of such sensitive biometric data. These laws should ensure transparency, informed consent, data security, and data subject rights, particularly considering the irreversible nature of biometric data breaches. However, like any legislation, the data protection Act might need to evolve to address novel challenges and specificities introduced by new technologies like Worldcoin. It's also important for users to stay informed about their rights and the implications of sharing such sensitive data. However if users are explained and they agree to walk up the the ORB and have the IRIS scan, done we have to respect their choice. Sometimes as lobbyists we forget that not everyone sees right and wrong in our paradigm and context My alternative view [signature_3999238281] From: Mwendwa Kivuva via KICTANet <kictanet@lists.kictanet.or.ke> Reply to: Kenya's premier ICT Policy engagement platform <kictanet@lists.kictanet.or.ke> Date: Monday, 24 July 2023 at 16:03 To: Badru Ntege <badru.ntege@nftconsult.com> Cc: Mwendwa Kivuva <Kivuva@transworldafrica.com> Subject: [kictanet] Deception and exploitation : How Worldcoin recruited its first million test users Worldcoin was founded by Sam Altman, who also founded OpenAI, the company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency project that has scanned and stored the eyes of millions of people across the world. Apart from invading our shopping malls to harvest eye iris data, I've now seen they are operating from inside supermarkets, most recently from inside Quickmarts in Nairobi. This is an important discussion because Worldcoin has been operating in Kenya for more than a year, collecting biometric iris scans of the uninformed consenting public. We had a discussion here, and it was not clear if the Office of the Data Protection Commissioner (ODPC) had given content for such eternal personally identifiable data to be collected. The privacy implications of Worldcoin collecting biometric iris scans of poor people are significant. 1) The data could be used to track people's movements and activities. Iris scans are unique to each individual and can be used to identify people even if they are wearing disguises. This means that Worldcoin could track poor people's movements, including where they go, who they meet, and what they do. This could be used to target them for marketing or surveillance purposes. 2) The data could be used to discriminate against poor people. Iris scans could be used to deny poor people access to services or opportunities. For example, a bank could use iris scans to deny a loan application from a poor person, or an employer could use iris scans to reject a job application from a poor person. 3) The data could be hacked or stolen. If the data is hacked or stolen, it could be used to commit identity theft or other crimes. This could have a devastating impact on poor people, who may not have the resources to recover from identity theft. 4. Obtaining informed consent is essential when collecting sensitive biometric data. Poor individuals may not fully understand the implications of providing their biometric data or may feel pressured to participate due to their socio-economic situation, potentially leading to uninformed or coerced consent. 5. There's a concern that the initial purpose of collecting biometric data for cryptocurrency verification might evolve into other uses without adequate consent or oversight, leading to function creep and expanded surveillance. Informed consent is a process in which data subjects give permission for something to happen after they have been given and understood all the relevant information about it. Informed consent requires data subjects to understand the purpose of the data collection. This is one of the four elements of informed consent, along with information, comprehension, and voluntariness. There are some concerns about Worldcoin's consent process. 1. The consent form is not clear about what data is being collected. The consent form does not explicitly state that Worldcoin is collecting biometric data, such as iris scans. Instead, the form simply states that Worldcoin is collecting "personal data." This could lead users to believe that they are only giving consent to the collection of non-sensitive personal data, such as their name and address. 2. The consent form is not easy to understand. The consent form is written in complex legal language that is difficult for many people to understand. This could make it difficult for users to understand what they are consenting to. 3. The consent form is not easy to revoke. Once users have given consent to Worldcoin to collect their biometric data, it is difficult to revoke their consent. Users must send a written request to Worldcoin, and the company is not required to delete the data immediately. There is an exciting read from MIT claiming that Worldcoin has built a biometric database from the bodies of the poor using deceptive practices: Read along here https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency... Which direction should African and global majority countries take in regard to Western companies harvesting personally identifiable data from their citizens? Best Regards, ______________________ Mwendwa Kivuva, Nairobi, Kenya https://www.linkedin.com/in/mwendwa-kivuva
participants (7)
-
Badru Ntege -
David Indeje -
Grace Githaiga -
Mathare Infotech Lab -
Mwendwa Kivuva -
Paul Magacha -
Peter Wakaba