German Regulator Orders Worldcoin to Delete Biometric Data Over GDPR Violations

[Editor’s note 12/23/24: This article has been updated to include a response from Chief Legal and Privacy Officer at Tools for Humanity, Damien Kieren. Also, an earlier sentence concerning an order to delete biometric data collected during initial operations has been removed, as World had deleted old iris data with its launch of the SCMP system earlier this year.]

Germany’s data protection regulator has ordered Worldcoin to implement stricter data protection measures. This ruling follows an investigation by the Bavarian State Office for Data Protection Supervision (BayLDA) that began in April 2023, marking a significant development for the recently rebranded digital identity company.

The investigation focused on Worldcoin’s collection and processing of iris-derived biometric data for its World ID system, which aims to authenticate unique individuals and prevent duplicate registrations. The company’s technology uses specialized “Orb” devices to scan users’ irises and create unique digital identities, a system that has been rapidly expanding globally despite regulatory challenges.

Under the December 19, 2024 ruling, Worldcoin must implement a GDPR-compliant data deletion procedure within one month of the decision taking effect. The company must also obtain explicit user consent for specific data processing activities and delete previously collected iris codes that were gathered without sufficient legal basis during 2023.

“With today’s decision, we are enforcing European fundamental rights standards in favor of the data subjects in a technologically demanding and legally highly complex case,” said BayLDA President Michael Will. “All users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure.”

The World Foundation, which operates World, has appealed the decision. The organization is seeking judicial clarity regarding whether its Privacy Enhancing Technologies (PETs) fulfill the EU’s legal definition for anonymization, arguing that the lack of clear definitions complicates privacy protection efforts in the digital age.

Responding to the ruling, Damien Kieren, the Chief Legal and Privacy Officer at Tools for Humanity, emphasized the privacy protections of World’s anonymization technology.

“Data anonymization, not just data deletion, is essential for enabling people to verify themselves as human online while remaining completely private. Without a clear definition around anonymization, however, we lose perhaps our most powerful tool in the fight to protect privacy in the age of AI,” Kieren explained. “The breakthrough multi-party computation setup implemented by World Foundation makes it effectively impossible to link anonymized data back to an individual. We believe strongly that this kind of effective anonymization should be the standard. If what’s required, however, is true technical anonymization, or absolute certainty that anonymized data cannot be linked back to a person even in purely theoretical situations, that would render anonymization impossible and instead incentivize companies to continue storing personal data in an identifiable form.

The ruling does not address certain aspects of Worldcoin’s operations, including matters related to the protection of minors and potential administrative offenses, which remain under separate examination by the authority. This partial scope reflects the complex nature of regulating emerging biometric identity technologies under existing privacy frameworks.

Worldcoin has faced regulatory scrutiny in multiple jurisdictions. In Kenya, for example, authorities temporarily suspended operations over privacy, security, and financial concerns, though the investigation was later closed without further action. The project continues to face examination in other regions regarding its data collection practices and compliance with local regulations, even as it expands into new markets like Panama.

Sources: CryptoSlate, CoinTelegraph, ICOHolder

–

December 20, 2024 – by Ali Nassar-Smith

Related News

Partners

FaceTec’s patented, industry-leading 3D Face Verification and Reverification software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ finally make trusted, remote identity verification possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for 3D Liveness and Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

Oz Forensics is the independent private vendor of robust, technology-based, and AI-powered liveness detection and face-matching solutions founded in 2017 and headquartered in Dubai, UAE. We confirm the security level of our solution by certifying the ISO-30107 Level 1 and 2 standards. https://ozforensics.com/

AuthenticID provides 100% automated identity verification and fraud detection solutions that are leveraged by companies worldwide, including 2 of the top 3 U.S. Banks, 8 out the top 10 wireless providers in North America, and 2 of the 3 credit bureaus. Using proprietary computer vision and machine learning technology, these solutions help companies accurately verify the identity of their users across retail, digital and call center environments for onboarding and ongoing re-authentication events; KYC, IAM, and more. The solutions are easy to integrate and provide customers a large ROI by stopping fraud losses, increasing customer conversion at onboarding, reducing operational costs and allowing quick and cost-effective operational scalability, all while ensuring global privacy regulations are complied with. https://www.authenticid.com/

Founded in 2007, Lakota Software Solutions is an American company with a world-renowned reputation for developing robust biometric software and systems. Our vendor-agnostic products are tailored to ensure compliance with ANSI/NIST-ITL standards and EBTS specifications, facilitate seamless integration with other biometric systems, and optimize accuracy, cost-effectiveness, and scalability. https://lakotasoftware.com/

Identity Week aims to be a significant identity industry catalyst. It’s our mission is to help accelerate the move towards a world where trusted identity solutions enable governments and commercial organisations to provide citizens, employees, customers and consumers with a multitude of opportunities to transact in a seamless, yet secure manner. All the while preventing the efforts of those intent on doing harm. https://identityweek.net/

The Biometric Digital Identity Prism is a market landscape framework designed to help influencers and decision makers understand, innovate, and implement digital identity technologies and solutions. This innovative framework for understanding and evaluating the rapidly evolving biometric digital identity marketplace is the only market model that is truly biometric-centric based on the foundational conviction that in the age of digital transformation the only true, reliable link between humans and their digital data is biometrics. https://www.the-prism-project.com

Related News

Footer

Follow Us