MPs order authority to disable Worldcoin virtual platforms

Members of Parliament (MPs) have given the Communication Authority seven days to disable the virtual platforms of two firms contracted by Worldcoin to operate in the country, namely, Tools for Humanity Corp and Tools for Humanity GmbH, Germany.

The lawmakers also want the authority to blacklist the IP addresses of related websites and to suspend their physical presence in Kenya until there is a legal framework for regulation of virtual assets and virtual asset service providers.

In its report tabled yesterday, the Adhoc Committee probing the operations of Worldcoin in the country, wants the Cabinet Secretary for Ministry of Information Communication and the Digital Economy through the ICT Authority in consultation with relevant stakeholders to develop a comprehensive oversight framework and policies on virtual assets and virtual assets service providers in Kenya, within six months of the adoption of the report.

“Within six months of the adoption of this report, the CS for the National Treasury in consultation with the relevant stakeholders to develop regulations and enforcement infrastructure to ensure that virtual assets and virtual assets providers and their activities are adequately regulated and monitored,” reads the report.

Further, the Director of Criminal Investigations (DCI) and the Director of Public Prosecutions (DPP) should within three months from the date of adoption of the report conduct investigations into the operations of M/s Tools for Humanity Corp and M/s Tools for Humanity GmbH, Germany (Worldcoin) in Kenya and take the requisite legal action.

“The DCI and the DPP should within three months of adoption of this report investigate into the activities of the local partners, Tools for Humanity Corp and Tools for Humanity GmbH, Germany (Worldcoin) in Kenya to establish culpability of persons including Sense Marketing Limited, involved in aiding and abetting their criminal activities and take necessary legal action,” states the report.

The MPs have also recommended that parliament reviews the current legal framework, to; amongst other provisions, harmonize the Data Protection Act with Part XXXVII of the Companies Act to expressly require foreign companies to provide proof of registration as foreign companies.

They also want the law amended to require foreign entities to provide proof of registration with local regulatory bodies before registration as data processors and/or controllers.

The law should be reviewed to provide for the requirement for full disclosure on how data controllers and processors will utilize and store personal and sensitive data collected in the country.

The MPs have also taken to task the Cabinet Secretary for Information, Communication and the Digital Economy Eliud Owalo for misleading the country on the status of Worldcoin in Kenya.

The Committee took note of the television interview August 2, where Owalo stated that as far as the Data Act 2019 is concerned, they (Worldcoin) are acting within the law.

They want section 63 of the Data Protection amended to provide discretion to the Office of the Data Protection Commissioner in the imposition of administrative fines and to align to global standards so as to ensure that entities take matters of data protection seriously.

Further, the Data Protection Act, 2019 should be amended to provide for a board where the Office of the Data Protection Commissioner reports or accounts on its daily operations.

The law should be revised to provide clear tax remittance procedures on taxes imposed on transactions involving virtual assets under section 12F of the Income Tax Act.

They have also recommended that the Computer Misuse and Cybercrimes Act 2018 be reviewed to fully deal with the current realities in cyberspace including stationing multi-agency technical personnel at all border entry points to provide technical expertise on all technological equipment imported into the country.

The MPs propose the expansion of the scope of offences and develop the elements of offences under the Computer Misuse and Cybercrimes Act, 2018, and develop new regulations under the Act.

They want the Computer Misuse and Cybercrimes Act 2018 reviewed to co-opt the Data Commissioner or a representative of the Office of the Data Protection Commission as a member of the National Computer and Cybercrimes Coordination Committee.

The Cybercrimes law should be modified to provide legislative interventions to govern the collection of biodata from Kenyans which has implications on privacy, security, health concerns and human rights.
Further, the committee directed the CAK to develop a regulatory sandbox in collaboration with relevant authorities within six months to regulate new data-based projects that rely on new and emerging technologies.

The CS for Interior and National Administration should through the DCI provide a report to the National Assembly on the status of their ongoing investigations into the activities of Tools for Humanity Corp and Tools for Humanity GmbH, Germany (Worldcoin) in Kenya and their findings, and thereafter report after every two weeks until conclusion and necessary remedial actions are taken.

The legislators have asked the Data Protection Commissioner to carry out an audit of all registered data processors and controllers as required by the Data Protection Act, 2019 and submit a Report to the National Assembly, six months after the adoption of the report.