Germany's data protection authority, the Bavarian State Office for Data Protection Supervision (BayLDA), has issued corrective measures for the World digital identity project, formerly known as Worldcoin, due to the project's handling of biometric data.

BayLDA announced on December 19 that it has concluded its investigation into World’s compliance with the EU General Data Protection Regulation (GDPR).

This authority has ordered World to implement a data deletion process complying with GDPR standards within one month from the effective date of the ruling.

In response, the World Organization has appealed the decision by requesting the regulator to provide legal clarity on whether the Privacy-Enhancing Technologies (PET) of the World Network meet the legal definition of anonymization in the EU.

Enhancing rights for World ID users

World, launched in July 2023 by Tools for Humanity (TFH) — co-founded by OpenAI CEO Sam Altman — uses iris biometrics to verify digital identity.

BayLDA initiated an investigation into the project in 2023, citing concerns about biometric data collection. According to the regulator, World voluntarily and temporarily suspended operations in individual EU countries pending the investigation results.

See also: Emerging markets leading cryptocurrency trends

According to BayLDA chairman Michael Will, the agency's latest decision aims to strengthen the rights of World users.

"With today's decision, we enforce European fundamental rights standards that benefit data subjects in a case requiring complex technological and legal demands," Will said, adding:

"All users who provided iris data for 'Worldcoin' will have unlimited opportunities to exercise their right to delete their data."

BayLDA requires World to fulfill multiple obligations

Although World has made efforts to improve GDPR compliance, BayLDA has identified the need for additional adjustments to meet regulatory requirements.

Not only requiring the establishment of a compliant data deletion process, BayLDA also demands that World provide clear consent for certain processing steps in the future.

Furthermore, World is obligated to delete certain data records "previously collected without sufficient legal basis as required under the administrative order," BayLDA stated.

See also: FCA warns Brits to steer clear of Solana memecoin

"This order targets all customer iris codes collected from early summer 2023 until a certain point this year, when Worldcoin shifted operations to a more legally compliant basis," Will told TinTucBitcoin.

Due to national administrative law, the assessment of whether an administrative procedure should be initiated is reserved for a separate procedure, BayLDA added:

"The same applies to examining multiple complaints from European users about specific personal issues, such as child protection, which is not the subject of the current decision."

World seeks clarification on anonymization in the EU

According to the World Organization, the decision of BayLDA clearly illustrates the need to establish a clear and consistent definition of anonymization in the EU to help protect personal data in the era of artificial intelligence.

"The current GDPR does not provide this, and both the World Organization and TFH believe this issue needs to be addressed swiftly," the World Organization stated in a blog post regarding BayLDA's decision.

See also: Blockchain Association outlines cryptocurrency priorities for Trump's first 100 days

"Data anonymization, not just data deletion, is essential to allow individuals to self-verify as human when online while remaining completely private," said TFH's legal and privacy director, Damien Kieran.

"However, without a clear definition of anonymization, we may lose the most powerful tool in the fight to protect privacy in the AI era," he added.

Therefore, the World Organization stated that they are appealing BayLDA's decision to seek clarity on whether World’s technology meets the legal definition of anonymization in the EU.

"The World Organization and TFH will continue to work closely with regulators in the EU and elsewhere to ensure this important question is answered in a way that promotes privacy protection and innovation," they added.