Sam Altman’s eye-scanning crypto project needs to take a second look at its European operations.
The German data agency investigating World over its data collection practices concluded today that the firm does not meet Europe’s strict data privacy laws.
“Worldcoin still has to do some homework,” Will told DL News in a phone call.
Michael Will, the president of the Bavarian State Office for Data Protection, said that doesn’t mean they must stop their operations in the European Union.
The BayLDA report seen by DL News said that World — previously called Worldcoin — must let users delete their data from the application to become compliant, said Will.
“The data is still in a certain situation there, and you need to give people the opportunity and the methodology to ask for complete erasure,” he said.
The company has one month to comply with this change, among others, the report read.
The BayLDA’s investigation into World began in November 2022. The probe sought to determine whether the project breached the EU’s General Data Protection Regulation, or GDPR, by scanning people’s eyes.
World uses silver and white basketball-sized spheres to scan irises and convert the data into a string of letters and numbers, called an iris code.
This code generates a World ID, a digital passport that World says will help distinguish between who is human and what is an artificial intelligence programme on the Internet.
For joining, users can opt-in to earn World’s native WLD cryptocurrency. The token is worth $2.42, down 9% today.
Given the sensitive nature of biometric data, regulators across Europe have cracked down on World. Authorities in Spain and Portugal barred the company from operating after they received complaints that minors were being scanned.
“There are many parents who now ask for erasure, especially in Portugal and Spain,” said Will.
“They question whether World did the right thing to protect children.”
He said another investigation into these complaints is underway. World declined to comment on this.
World appeals
World has already appealed the BayLDA’s decision.
It no longer has the iris code data, and retrieving it for a specific person is impossible, according to a company blog.
“The BayLDA’s decision clearly illustrates the urgent need to establish a clear and consistent definition of anonymisation in the EU that will help protect personal data in the age of AI,” the company said today. “GDPR currently does not provide this.”
Next, a Bavarian court will examine the report’s findings and issue a judgement. These judges may even bring the case to the European Court Justice, the EU’s highest court.
“I’m a little bit afraid that we won’t see clarity on this issue for many months or years,” said Will.
Until then, World plans to continue operating — and expanding — in Europe.
Liam Kelly is a Berlin-based reporter for DL News. Got a tip? Email him at liam@dlnews.com.