Multiple regulators turn gaze to Worldcoin’s iris collection

Regulators in the UK, France, Germany, Kenya and Mexico are scrutinizing Worldcoin, the company that offers people free cryptocurrency for enrolling in its digital ID by scanning their irises.

After the UK Information Commissioner’s Office promised last week it will be making further inquiries into Woldcoin’s launch in the country, the Bavarian State Office for Data Protection Supervision announced that it has been investigating Worldcoin for nearly a year over its large-scale processing of sensitive biometric data.

The investigation was opened last November, Reuters reports.

The German agency keeps an eye on Worldcoin under European Union data protection rules because Tools For Humanity, which develops technology for Worldcoin, has German headquarters.

France’s privacy watchdog CNIL also took an interest in Worldcoin, which launched its crypto token last week. The government agency told Reuters Friday that the legality of collecting iris biometric data and the conditions of its storing “seems questionable.” It has since, however, handed over the case to Bavarian authorities.

European regulators are not the only ones scrutinizing the company, which was founded by OpenAI CEO Sam Altman.

Kenya’s data watchdog has urged the public to be extra vigilant when interacting with Worldcoin, highlighting concerns about the processing of sensitive personal data and compliance with the country’s Data Protection Act of 2019. The Office of the Data Protection Commissioner (ODPC) is conducting its assessment, Innovation Village reported.

In Mexico, privacy advocates have been warning that the country’s weak data protection laws mean that citizens could be left unprotected in case of data breaches or abuses. Mexico’s data agency INAI is unable to carry out its functions because it lacks one of its commissioners. Mexico President Andrés Manuel López Obrador is trying to scrap the data protection body as part of a wider overhaul of the country’s regulators and watchdogs, Reuters reported.

Users in Mexico could also be left unprotected because Worldcoin is headquartered in Germany and the United States, says Agneris Sampieri, Latin America policy analyst at digital rights group Access Now.

Worldcoin enrolls users into its World ID digital identity service by scanning their irises with its Orb devices. The iris scan is meant to confirm that the user is indeed human while remaining anonymized. The company says its World ID, which has been issued to more than 2 million people, is not linked to the name, address or personal data of users.

It also claims that the project abides by Europe’s General Data Protection Regulation (GDPR) and that the images of the user and their iris pattern are permanently deleted after signing up unless users agree to allow them to be stored. The training data is not connected to Worldcoin tokens, transactions or World ID, according to the company.

Worldcoin’s data practices are also raising questions about the corporate structure of the project’s developer, Tools for Humanity, and which part of the company handles liability.

In a reply to TechCrunch, a Tools for Humanity spokesperson reportedly said that the data controller now is the Worldcoin Foundation, with Tools For Humanity being a data processor for Worldcoin.

While Tools for Humanity is a for-profit tech company, Worldcoin could not provide a clear answer on whether it is a for-profit or not-for-profit entity because its decentralized governance complicates its structure.

Among other entities in the project are the Worldcoin Foundation and Worldcoin Protocol.

Article Topics

biometric data  |  data protection  |  France  |  Germany  |  iris biometrics  |  Kenya  |  Mexico  |  World  |  World ID Orb