Kenya has confirmed that all biometric data previously collected from its citizens by the controversial Worldcoin project has been deleted, marking a significant moment in the ongoing debate over digital privacy and data protection. The action followed directives from the Kenyan High Court and enforcement by the Office of the Data Protection Commissioner (ODPC), underscoring the importance of data protection laws in the rapidly expanding digital economy.
Worldcoin, a global cryptocurrency and digital identity initiative co‑founded by Sam Altman, CEO of OpenAI, attracted widespread attention when it launched in Kenya in 2023. As part of its rollout, the project used specialized devices called “Orbs” to scan the irises of thousands of Kenyans in exchange for digital tokens — an incentive that drew many participants. The scans were used to create a unique digital identity known as a World ID.
Why Kenya Took Action
The deletion of the data comes after years of controversy and legal scrutiny. Concerns emerged almost as soon as Worldcoin began its biometric data collection. Critics, including civil society organizations and privacy advocates, warned that collecting sensitive personal information — such as iris scans — posed serious risks if not handled in compliance with Kenyan law.
Under the Data Protection Act of 2019, biometric data is classified as sensitive personal data. Processing such information requires strict legal safeguards, including conducting a Data Protection Impact Assessment (DPIA) and obtaining free, informed consent. Evidence presented during the legal challenge showed that Worldcoin and its operators failed to meet these legal requirements.
In May 2025, Kenya’s High Court delivered a ruling that found Worldcoin’s practices unlawful and ordered the company to permanently delete all biometric data collected from Kenyans. The court also barred the organization from further collecting or processing such sensitive information unless it complied fully with data protection laws.
Confirmation of Data Deletion
On January 20, 2026, the ODPC made it official. In a public notice, the office confirmed that Tools for Humanity — the company behind Worldcoin — had fully complied with the directive to erase the biometric data it had gathered. According to the ODPC, the deletion was verified through a compliance audit, and the agency reaffirmed its commitment to enforcing data protection laws in Kenya.
The regulator did not specify how much data was collected or how many individuals were affected, but it noted that the action was crucial to upholding citizens’ right to privacy under Kenyan law. The ODPC also emphasized that any future operations in Kenya involving personal data must meet all legal requirements before resuming.
Impact and Reactions
The deletion of data has significant implications for digital privacy in Kenya. It sends a strong message that even large international tech projects must adhere to local laws and respect individual rights. Privacy rights advocates have welcomed the move as a landmark enforcement action, reinforcing the importance of data sovereignty and legal compliance in the digital age.
Amnesty International Kenya and other civil society groups described the ruling and data deletion as a “milestone” in protecting Kenyans’ digital rights. They highlighted concerns that offering cryptocurrency tokens in exchange for biometric data could compromise the voluntariness of consent, especially among populations in economically vulnerable positions.
However, some tech industry representatives cautioned that stringent data protection requirements could deter innovation if not balanced with clear frameworks for emerging technologies. They argue that data‑driven projects like Worldcoin have the potential to expand financial inclusion and bring innovative services to markets like Kenya — provided they operate within the law.
Kenyans’ Digital Privacy in Focus
The Worldcoin case has sparked broader discussions about digital privacy, consent, and the ethics of collecting biometric information. Many observers see it as a test of Kenya’s Data Protection Act, which was enacted to safeguard personal data in an increasingly digital world.
Biometric identifiers — like iris scans — are highly sensitive because they are unique and permanent. If mishandled or breached, such data can pose significant privacy risks. The strong regulatory response in Kenya underscores the need for clear consent, transparency, and accountability when dealing with data that can uniquely identify individuals.
What Happens Next
With Worldcoin’s data now deleted and its Kenyan operations dormant since the suspension in August 2023, the future of the project in the country remains uncertain. The ODPC has indicated that any attempt to restart data collection would require a full legal compliance process, including a DPIA and valid informed consent from individuals.
Experts believe that the Worldcoin case could set a precedent for how other countries handle large‑scale biometric data projects, particularly when international tech firms are involved. It also highlights the importance of robust data protection frameworks that balance innovation with individual rights — a challenge many nations are currently navigating.
Conclusion
The deletion of Worldcoin’s biometric data from Kenyan systems represents a decisive move by authorities to enforce data protection laws and protect citizens’ digital privacy. After months of legal battles and regulatory scrutiny, Kenya has reaffirmed that technological innovation must operate within legal and ethical boundaries, especially when it involves sensitive personal information.