FB pixel

World does not comply with GDPR, says German regulator

BayLDA flags ‘fundamental data protection risks for a large number of data subjects’
World does not comply with GDPR, says German regulator
 

The iris biometrics and digital identity project World has been chastised again, this time by German regulators, who have dealt a heavy blow to the company’s standing in Europe.  World, for its part, has announced that its World App has surpassed 20 million users.

A report from Euro News says a months-long investigation by Germany’s data protection authority, the Bavarian State Office for Data Protection Supervision (BayLDA), has concluded that World’s identification procedure “entails a number of fundamental data protection risks for a large number of data subjects.”

As such, says BayLDA, it does not comply with the European Union’s General Data Protection Regulation (GDPR), and World – previously known as Worldcoin – has been ordered to begin deleting data, as per the rules.

“With today’s decision, we are enforcing European fundamental rights standards in favour of data subjects in a technologically demanding and legally highly complex case,” says BayLDA president Michael Will. “All users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure.”

With roots in Germany, World pledges commitment to Europe

World has already appealed the decision and has asked regulators for “judicial clarity on whether the processes and, in particular, the Privacy Enhancing Technologies (PETs) deployed by World Network meet the legal definition for anonymisation in the EU.”

It is not likely to let go of its claim to Europe easily. The firm responded to suggestions it was backing away from the EU and its sticky biometric privacy regulations by doubling down on its commitment to the continent.

World maintains European headquarters and a manufacturing facility in the German state of Bavaria.

‘We don’t do that anymore’: TFH CPO says company has changed

Damien Kieran is the chief privacy officer for Tools for Humanity, the San Francisco company that was initially called Worldcoin’s parent, but has since been re-framed as a service provider.

He says the German regulator’s decision is based on old processes that have been discontinued, wherein scanned irises were stored in a database.

These days, World claims no ownership of the iris codes, which are encrypted then deleted from their systems. The cryptographic protocol separates the code into three pieces. Those pieces are stored in databases owned by third parties, which include the University of Berkeley, Zurich, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) university and NeverMind.

Kieran also says Michael Will actually likes World, but is “under a lot of pressure, because I think it’s a complicated environment to be a lead supervisory authority in the EU at the moment.”

To Orb or not to Orb? That is the question

World claims it needs “a clear definition around anonymization” to be able to protect people from getting lost in a sea of AI. While it has tussled with regulators globally, it is currently available in Argentina, Austria, Chile, Colombia, Ecuador, Germany, Japan, Mexico, Peru, Poland, Singapore, South Korea, and the U.S.

And, as expected, it has no plans to slow down in Europe. Kieran says plans are afoot to roll out the technology in Ireland, the UK, France and Italy. It also aims to return to Spain and Portugal, both of which suspended its activities earlier this year over data privacy concerns.

But it will all hinge on the GDPR – which, as of right now, says No Orbs Allowed.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Laxton to supply hundreds of biometric kits to Honduras under $1.9M UNDP contract

The United Nations Development Programme has selected Laxton to provide hundreds of Biometric Citizen Registration (BCR) kits for Honduras. The…

 

Leadership change at IBIA follows layoffs at Thales

A major leadership change has been kicked off at Thales Digital Identity & Security and the International Biometrics and Identity…

 

Reusable ID for AML acquired by global fintech as compliance costs rise

Global fintech platform iCapital has entered a definitive agreement to acquire U.S.-based Parallel Markets, which provides reusable identity tools for…

 

Services Australia to run Trust Exchange pilot with largest Australian bank

A pilot with Commonwealth Bank will test the Australian government’s digital identity exchange scheme, Trust Exchange (TEx), using digital medical…

 

COPPA changes specify children’s biometrics and government IDs for protection

The Federal Trade Commission (FTC) Thursday issued notice that it finalized substantial changes to the Children’s Online Privacy Protection Act…

 

Surge of online gambling fraud pushing industry towards identity verification: Report

TransUnion, Sumsub and GeoComply are the leading fraud prevention companies in the global gambling sector, according to a new report…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events