Germany’s data protection regulator has ordered Worldcoin to delete biometric data collected during its initial operations phase and implement stricter data protection measures. This ruling follows an investigation by the Bavarian State Office for Data Protection Supervision (BayLDA) that began in April 2023, marking a significant development for the recently rebranded digital identity company.
The investigation focused on Worldcoin’s collection and processing of iris-derived biometric data for its World ID system, which aims to authenticate unique individuals and prevent duplicate registrations. The company’s technology uses specialized “Orb” devices to scan users’ irises and create unique digital identities, a system that has been rapidly expanding globally despite regulatory challenges.
Under the December 19, 2024 ruling, Worldcoin must implement a GDPR-compliant data deletion procedure within one month of the decision taking effect. The company must also obtain explicit user consent for specific data processing activities and delete previously collected iris codes that were gathered without sufficient legal basis during 2023.
“With today’s decision, we are enforcing European fundamental rights standards in favor of the data subjects in a technologically demanding and legally highly complex case,” said BayLDA President Michael Will. “All users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure.”
The World Foundation, which operates World, has appealed the decision. The organization is seeking judicial clarity regarding whether its Privacy Enhancing Technologies (PETs) fulfill the EU’s legal definition for anonymization, arguing that the lack of clear definitions complicates privacy protection efforts in the digital age.
The ruling does not address certain aspects of Worldcoin’s operations, including matters related to the protection of minors and potential administrative offenses, which remain under separate examination by the authority. This partial scope reflects the complex nature of regulating emerging biometric identity technologies under existing privacy frameworks.
Worldcoin has faced regulatory scrutiny in multiple jurisdictions. In Kenya, for example, authorities temporarily suspended operations over privacy, security, and financial concerns, though the investigation was later closed without further action. The project continues to face examination in other regions regarding its data collection practices and compliance with local regulations, even as it expands into new markets like Panama.
Sources: CryptoSlate, CoinTelegraph, ICOHolder
–
December 20, 2024 – by Ali Nassar-Smith
Related News
ID Tech Digest – December 20, 2024
Worldcoin Under Scrutiny in Singapore Over Account Sales and Biometric Data Privacy Concerns
British High School Gets Formal Reprimand Over Facial Recognition Use
Worldcoin Has an Orb Shortage
Colombian Watchdog Accuses Worldcoin of Data Privacy Violations- Hong Kong Orders Halt to Worldcoin Operations
Follow Us