Kenya: High Court in Nairobi ordered Worldcoin to delete biometric data of Kenyan citizens and stop further data collection

On 5 May 2025, the High Court in Nairobi ruled on an investigation by the Kenyan Office of the Data Protection Commissioner (ODPC) into alleged data protection violations by Worldcoin. The Court found that Worldcoin had failed to comply with the mandatory legal requirements for processing sensitive personal data under the Data Protection Act, 2019, amounting to a breach of Kenyan citizens’ constitutional right to privacy. It further held that Worldcoin had collected personal data without obtaining valid registration under section 18 of the Act and Regulation 4(3)(c) of the Data Protection (General) Regulations, 2021. The Court also concluded that Worldcoin’s practice of offering cryptocurrency tokens in exchange for biometric data did not meet the threshold for valid, voluntary consent, in breach of both the Act and the General Regulations. In addition, it found that Worldcoin had unlawfully transferred personal data outside Kenya in violation of section 48 of the Data Protection Act and had used communication equipment without the required type approval under the Kenya Information and Communications Regulations. As a result, the High Court ordered Worldcoin to cease all further collection, processing, and transfer of personal biometric data in Kenya using the Orb, and to erase and destroy all such data already collected.