Deception and exploitation : How Worldcoin recruited its first million test users
before registering Worldcoin activities in the country, ICT Cabinet
Secretary Eliud Owalo told Parliament on Monday.
www.the-star.co.ke/news/2023-09-11-owalo-throws-data-commissioner-under-the-bus-in-worldcoin-saga/
On Sat, Jul 29, 2023, 3:07 PM Mwendwa Kivuva via KICTANet <
[email protected]> wrote:
> There is some development.
>
> I’ve seen some of the registration kiosks for Worldcoin have closed shop
> with the sign “closed until further notice”.
>
> This is likely because of this advisory from the Office of the Data
> Protection Commissioner (ODPC) “Calls for Vigilance from the Public as It
> Engages WorldCoin on Compliance with Data Protection Act, 2019.”
> https://twitter.com/ODPC_KE/status/1684869953378283520
>
> In the Press Release, ODPC
> 1. “calls for increased vigilance from the public as it continues to
> engage with Worldcoin, and entity processing activities of iris data
> through an Orb, to ensure compliance with the Data Protection Act, 2019″
> What does increased vigilance from the public mean?
> 2. “As the ODPC conducts its assessment of WorldCoin’s practices to ensure
> compliance with the law, Kenyans are urged that they receive proper
> information before disclosing any personal or sensitive data. Individuals
> are advised to thoroughly inquire about how their data will be used.”
> Here the public is advised to exercise informed consent. Should Worldcoin
> continue collecting iris data if it is not compliant with Kenya’s DPA, or
> properly licensed?
> 3. “The office will continue to engage with organizations to prompt
> compliance with the law and protect the privacy of Kenyans”
>
>
> Finally, the way Kenya’s Data Protection Act, 2019 is framed, can
> Worldcoin be compliant even if they tried? To be compliant, they would need
> to have the following in place
> 1. Worldcoin must respect individuals’ rights regarding their personal
> data. This includes the right to access, correct, and delete their data, as
> well as the right to object to processing in certain situations.
> 2. Data Minimization: Worldcoin should only collect and process the
> minimum amount of personal data necessary to fulfill its purpose. It should
> avoid unnecessary data collection and ensure that data is not retained
> longer than required.
> 3. Lawful Basis: Worldcoin should identify a lawful basis for processing
> personal data. This could be based on obtaining explicit consent from users
> or any other lawful basis specified in the Data Protection Act, 2019.
> 4. Implement appropriate technical and organizational measures to
> safeguard the personal data it collects. This could include encryption,
> access controls, and regular security audits.
> 5. Cross-Border Data Transfers: If Worldcoin transfers data outside of
> Kenya, it must comply with the regulations regarding cross-border data
> transfers, which may require obtaining explicit user consent or ensuring
> the receiving country has adequate data protection laws.
> 6. Data Breach Notification: In the event of a data breach that poses a
> risk to individuals’ rights and freedoms, Worldcoin should promptly notify
> the relevant authorities and affected users. We are hoping Worldcoin is
> acting in good faith, and if they are breached, they will notify the data
> subjects and the authorities.
> 7. Appointment of Data Protection Officer (DPO) to oversee data protection
> compliance.
> 8. Data Protection Impact Assessment (DPIA) to assess and mitigate
> potential risks to individuals’ privacy.
> 9. Avoid sharing users’ personal data with third parties unless necessary
> for the purposes of the cryptocurrency project and with the explicit
> consent of the user.
>
>
>
> Best Regards,
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya
> www.linkedin.com/in/mwendwa-kivuva
>
>
> On Wed, 26 Jul 2023 at 23:43, Paul Magacha <
> [email protected]> wrote:
>
>> There’s Gardrn city, two rivers mall, next gen mall and now sarit centre
>>
>> I’m yet to understand why Sam Altman of OpenAI is targeting third world
>> and developing countries with this.
>>
>> Sent from my iPhone
>>
>> On 24 Jul 2023, at 23:47, Peter Wakaba via KICTANet <
>> [email protected]> wrote:
>>
>>
>> Worldcoin’s cryptocurrency token WLD debuted today on the world’s largest
>> cryptocurrency trading platform Binance to quite a bit of hype.
>> The company defines its tools as a digital identity protocol aiming to
>> support humanity in the age of AI, which consist of a privacy-preserving
>> digital identity and a digital currency (WLD) received simply for being
>> human (and registered on their platform via the ‘orb’.
>>
>> On Mon, Jul 24, 2023 at 4:16 PM Mwendwa Kivuva via KICTANet <
>> [email protected]> wrote:
>>
>>> Worldcoin was founded by Sam Altman, who also founded OpenAI, the
>>> company behind ChatGPT. Worldcoin is an iris biometric cryptocurrency
>>> project that has scanned and stored the eyes of millions of people across
>>> the world.
>>>
>>> Apart from invading our shopping malls to harvest eye iris data, I’ve
>>> now seen they are operating from inside supermarkets, most recently from
>>> inside Quickmarts in Nairobi.
>>>
>>> This is an important discussion because Worldcoin has been operating in
>>> Kenya for more than a year, collecting biometric iris scans of the
>>> uninformed consenting public. We had a discussion here, and it was not
>>> clear if the Office of the Data Protection Commissioner (ODPC) had given
>>> content for such eternal personally identifiable data to be collected.
>>>
>>> The privacy implications of Worldcoin collecting biometric iris scans of
>>> poor people are significant.
>>>
>>> 1) The data could be used to track people’s movements and activities.
>>> Iris scans are unique to each individual and can be used to identify people
>>> even if they are wearing disguises. This means that Worldcoin could track
>>> poor people’s movements, including where they go, who they meet, and what
>>> they do. This could be used to target them for marketing or surveillance
>>> purposes.
>>> 2) The data could be used to discriminate against poor people. Iris
>>> scans could be used to deny poor people access to services or
>>> opportunities. For example, a bank could use iris scans to deny a loan
>>> application from a poor person, or an employer could use iris scans to
>>> reject a job application from a poor person.
>>> 3) The data could be hacked or stolen. If the data is hacked or stolen,
>>> it could be used to commit identity theft or other crimes. This could have
>>> a devastating impact on poor people, who may not have the resources to
>>> recover from identity theft.
>>> 4. Obtaining informed consent is essential when collecting sensitive
>>> biometric data. Poor individuals may not fully understand the implications
>>> of providing their biometric data or may feel pressured to participate due
>>> to their socio-economic situation, potentially leading to uninformed or
>>> coerced consent.
>>> 5. There’s a concern that the initial purpose of collecting biometric
>>> data for cryptocurrency verification might evolve into other uses without
>>> adequate consent or oversight, leading to function creep and expanded
>>> surveillance.
>>>
>>> Informed consent is a process in which data subjects give permission for
>>> something to happen after they have been given and understood all the
>>> relevant information about it. Informed consent requires data subjects to
>>> understand the purpose of the data collection. This is one of the four
>>> elements of informed consent, along with information, comprehension, and
>>> voluntariness. There are some concerns about Worldcoin’s consent process.
>>>
>>> 1. The consent form is not clear about what data is being collected. The
>>> consent form does not explicitly state that Worldcoin is collecting
>>> biometric data, such as iris scans. Instead, the form simply states that
>>> Worldcoin is collecting “personal data.” This could lead users to believe
>>> that they are only giving consent to the collection of non-sensitive
>>> personal data, such as their name and address.
>>> 2. The consent form is not easy to understand. The consent form is
>>> written in complex legal language that is difficult for many people to
>>> understand. This could make it difficult for users to understand what they
>>> are consenting to.
>>> 3. The consent form is not easy to revoke. Once users have given consent
>>> to Worldcoin to collect their biometric data, it is difficult to revoke
>>> their consent. Users must send a written request to Worldcoin, and the
>>> company is not required to delete the data immediately.
>>>
>>> There is an exciting read from MIT claiming that Worldcoin has built a
>>> biometric database from the bodies of the poor using deceptive practices:
>>> Read along here
>>> www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/
>>>
>>>
>>> Which direction should African and global majority countries take in
>>> regard to Western companies harvesting personally identifiable data from
>>> their citizens?
>>>
>>> Best Regards,
>>> ______________________
>>> Mwendwa Kivuva, Nairobi, Kenya
>>> www.linkedin.com/in/mwendwa-kivuva
>>>
