Portugal orders Worldcoin to stop collecting iris biometrics for 90 days

Portugal’s data regulator, the Comissão Nacional de Proteção de Dados (CNPD), has imposed a 90-day suspension on Worldcoin’s biometric data collection activities in the country, citing complaints about the unauthorized collection of data from minors, inadequate communications regarding their iris-scanning Orb program offering crypto tokens in exchange for biometrics, and other risks to personal digital rights.

In a release, the CNPD says the “urgent provisional measure” is in response to a notable spike in activity by the firm, with the number of locations hosting an Orb device for biometric data capture almost doubling in six months. Furthermore, says the regulator, “there is no mechanism for verifying the age of members.”

“Minors are people particularly vulnerable and are also subject to special protection by the European legislator and national, as they may be less aware of the risks, consequences and guarantees of the treatment of their personal data.”

Reuters reports the CNPD suspension applies to the Worldcoin Foundation – “a Cayman Islands entity described on its website as ‘memberless’, having no owners or shareholders.” It is intended to be temporary while the data regulator does due diligence in following up on complaints. But observers of the Worldcoin story might find themselves likening it to a game of Whac-A-Mole, as the company pops up in country after country, only to find itself facing the regulatory hammer.

Portugal joins Kenya, Spain, Germany, France, India, Brazil, Argentina, South Korea and Hong Kong in raising regulatory eyebrows at Worldcoin, which is owned by Tools for Humanity, a venture of Open AI creator Sam Altman.

Company says it is committed to not collecting data from minors

To the allegations about collecting data from minors who are under 18 – the official age at which Worldcoin enrolment and iris scanning is allowed – Worldcoin Foundation Data Protection Officer Jannick Preiwisch answers that Worldcoin is “fully compliant with all laws and regulations governing the collection and transfer of biometric data.”

“The report from CNPD is the first time we are hearing from them regarding many of these matters, including reports of underage sign-ups in Portugal, for which we have zero tolerance for and are working to address in all instances,” Preiwisch said to Reuters.

To its credit, the company has been making moves toward transparency. It recently made its Orb iris biometric collection software open source, to “promote a community-driven audit process, wherein an independent verification and public reporting of findings will contribute to the assurance of Orb’s adherence to the protocols governing data privacy and security.”

A recent security audit rated the Orb’s biometric collection software to be sound from a data protection and privacy perspective. The company has launched several initiatives aimed at improving the Worldcoin system, which is rooted in the concept of providing universal proof-of-personhood in a world increasingly dominated by machines (some running on the kind of AI Altman pioneered with ChatGPT). It has even pledged to make the spherical chrome Orb that captures iris biometrics look a little less like some relic of a retro-futurist dystopia.

So, the game continues. What will Worldcoin have to do to convince hammer-wielding regulators that it is an ethical contributor to the digital identity ecosystem, rather than a varmint looking to gnaw at their data security like so many torn-up carrots? Regardless of the answer, the company continues to invite anyone willing to go eye-to-eye with the Orb to step right up.

Article Topics

biometric identifiers  |  biometrics  |  CNPD  |  data collection  |  iris biometrics  |  Portugal  |  World  |  World ID Orb