Worldcoin, a crypto-based biometrics project co-founded by OpenAI’s Sam Altman, has been found to have violated European Union (EU) data protection regulations, resulting in data deletion requests from German regulators.
The Bavarian State Office for Data Protection Supervision (BayLDA) has issued a corrective measure against the company, citing non-compliance with the General Data Protection Regulation (GDPR).
Worldcoin Faces German Regulator for GDPR Violations: What Data Is Worldcoin Collecting?
Worldcoin, now known as World, creates digital identities using iris and facial scans. These identities are designed to prove users are human rather than AI bots.
The technology is built by Tools for Humanity, a San Francisco-based company. World’s devices, called “Orbs,” scan users’ irises and generate unique codes.
While Tools for Humanity, a San Francisco-based company, developed World’s technology, its European headquarters and manufacturing operations are located in Bavaria, Germany.
The BayLDA’s several-month investigation into World concluded that its practices posed “fundamental data protection risks” to many individuals.
The authority ruled that World’s earlier identification procedures did not meet GDPR standards and mandated the company begin a GDPR-compliant data deletion process.
Michael Will, president of BayLDA, emphasized the decision’s significance.
He said:
“We are enforcing European fundamental rights standards in a technologically demanding and legally complex case.”
The regulator has ordered World to delete all collected data in compliance with GDPR. It also mandated that users must have the unrestricted ability to request erasure of their data.
World has appealed the decision and called for judicial clarity on its use of Privacy Enhancing Technologies (PETs). These technologies anonymize user data, which World claims meets EU legal standards.
According to a report, Tools for Humanity’s chief privacy officer, Damien Kieran, defended the company’s practices stating that World had addressed earlier concerns by revising its data handling processes.
According to Kieran, the company no longer stores personal iris data. Instead, it applies a cryptographic protocol that splits iris codes into three encrypted parts.
These fragments are stored in separate databases managed by third parties, including universities in Berkeley, Zurich, and Erlangen-Nürnberg.
Kieran argued that data anonymization is essential for verifying identities while preserving privacy.
“Without a clear definition around anonymisation, however, we lose perhaps our most powerful tool in the fight to protect privacy in the age of AI.”
Some Countries Banned World’s Technology Amid Ongoing Privacy Concerns
BayLDA’s investigation focused on when World stored iris codes in a centralized database. The authority found this practice non-compliant with GDPR.
World has since discontinued this approach and deleted all personal data from iris codes. The company emphasized that the current system ensures privacy through advanced cryptographic methods.
World operates in several countries, including Germany, Japan, the US, and South Korea. It plans to expand further into Ireland, the UK, France, and Italy.
However, earlier this year, Spain and Portugal temporarily banned the technology following complaints about data privacy concerns.
World, formerly Worldcoin, launched World Chain, an Ethereum layer-2 blockchain, on Oct. 17. The network serves its 15 million verified users with a “World ID” obtained via iris scanning.
The rebrand includes a new Orb biometric device powered by Nvidia hardware, offering improved efficiency.
World also announced partnerships with apps like FaceTime and Zoom to expand identity verification options.
The post German Watchdog Orders Worldcoin to Delete Non-Compliant Data, Citing GDPR Violations appeared first on Cryptonews.