The Bavarian Data Protection Authority (BayLDA) in Germany ruled that Worldcoin violated GDPR regulations when collecting users' iris data, ordering it to delete illegally collected data and adjust its data processing procedures. BayLDA stated that Worldcoin must establish a GDPR-compliant data deletion mechanism within one month and obtain explicit user consent for certain data processing steps. Additionally, for the non-compliant data collected during the initial launch of the project in the summer of 2023, BayLDA also mandated its deletion. The Worldcoin Foundation has appealed this decision and called on the EU to clarify the legal definition of data anonymization as soon as possible, emphasizing that anonymization is an important tool for protecting privacy in the AI era. (Cointelegraph)