Kenya became a frontline battleground in the global experiment with digital identity when Worldcoin launched its biometric identity scheme. The project offered iris scanning to verify users as real humans, with a promise of cryptocurrency rewards for participants. Many Kenyans queued en masse, drawn by the offer especially youth and those in search of quick income.
Yet the excitement soon gave way to alarm. Critics raised serious questions about privacy and consent. They warned that people might not fully understand what giving away sensitive biometric data meant. At the same time, civil society groups and regulators flagged the risks of handing over iris and facial data without proper protections.
What Went Wrong
As concern grew, Kenya’s regulatory authorities stepped in. Investigations found that Worldcoin had failed to carry out a mandatory data impact assessment. The project did not properly register as a data controller under national privacy law. Collecting biometric data in return for financial incentive counted as an inducement, not genuine informed consent. The tools used for scanning the so called “Orb” lacked required local approval.
In May 2025, the High Court of Kenya ruled that Worldcoin’s activities violated the constitutional right to privacy and breached data protection regulations. The court ordered the company to permanently delete all biometric data collected from Kenyans, within a short window under government supervision. It also banned any further biometric collection without full compliance with the law.
Worldcoin was effectively shut down in Kenya. Physical operations remain suspended. Lawmakers called for documented proof of data deletion. Regulators indicated they received a company affidavit, but independent verification remains under scrutiny. Meanwhile, Kenyans who had signed up await clarity on whether their data truly disappeared, and if any misuse had taken place.
Data Protection
The saga did more than stop a controversial company. It served as a wake up call for Kenya and the wider region about the value of personal data. The episode reaffirmed that privacy and consent remain fundamental rights even in a fast evolving digital age marked by high tech solutions.
The Worldcoin case exposed the dangers of offering financial incentives for sensitive personal data. When impoverished or vulnerable people see quick money in exchange for their biometric signatures, consent easily becomes transactional. The ruling sends a clear message that technology must respect human dignity and national regulations.
Today, regulators and lawmakers call for stronger oversight and tighter rules for any biometric or digital identity project. Many citizens now engage more critically with tech based offers, asking whether they truly understand the risks before joining. Public awareness about digital privacy has surged.
For Kenya, the episode offers valuable lessons. Policymakers and tech firms alike must treat biometric data as highly sensitive. They must carry out full risk assessments, register properly, and obtain genuine, informed consent not pay for participation and hope for the best.
The Worldcoin episode ended for now, but its impact will shape how Kenya approaches digital identity, data privacy, and emerging technology in the future.
Also read: Kenya Records 27% Rise in Malaria Cases
