Decision is binding at European level. Worldcoin will also, in the future, have to request users’ approval for certain stages of data processing.
The Bavarian Regional Office for Data Protection (BayLDA) concluded that the Worldcoina company that has been collecting biometric data in several countries this year, through iris reading, must start allowing users to delete the biometric data provided to the company, a decision that is binding at European level.
The German cabinet opened an inquiry in April 2023 and has now concluded that Worldcoin must improve the way it handles data stored in Europe. “All users who have made their iris data available to Worldcoin will, in the future, have the unlimited possibility of having your right to erasure implemented”, said BayLDA president Michael Will in a statement this Thursday.
With the decision, “we are ensuring compliance with basic European standards for those affected in a technologically demanding and legally complex case,” he added.
Suspended in Portugal after “fever” in shopping malls
The Worldcoin platform was created in 2019 by Sam Altman, founder of OpenAI, the company that developed ChatGPT.
This year, the company began recording the irises of people in exchange for cryptocurrencies in various parts of the world, arguing that all information it collects is anonymous and that users always maintain control of their data.
For 10 WLD tokens — value in cryptocurrency that was worth approximately in February 70 euros — the company asked for iris reading. However, sources who went through the process told ZAP that they received much more than 10 tokens.
“I didn’t have to register for anything, I didn’t have to give personal data, I just had to put my phone number in the app,” says a Worldcoin customer to ZAP, who sold his iris to the company when the currency was worth less — around two euros per token. After receiving the 10 tokens instantly, you were promised a voucher with three more virtual coins, and every 10 days you receive three coins until you reach a total of 77 WLD tokens. At the height conversion, there were more than 550 euros.
The Spanish Data Protection Agency (AEPD) in June said the company committed to suspending this activity in Spain until the end of the year or until there is a final resolution on the matter, while other countries have adopted similar measures.
In the same month, Worldcoin would be suspended in Portugal.
Worldcoin will have to request approval at certain stages
At the heart of BayLDA’s research were Worldcoin’s data protection standards, as well as users’ rights, with a special emphasis on the right to withdraw their authorization for storing biometric data. The result is that, despite the improvements introduced and at the request of various authorities, adjustments are still necessary so that data processing complies with current regulations, states the entity.
Therefore, the company is urged to implement an erasure procedure in accordance with European regulations within one month of publication of the resolution.
Furthermore, Worldcoin will, in the future, have to request approval from users for certain stages of data processingand is also ordered to delete certain data stored without a sufficient legal basis.
BayLDA’s decision is binding at the European level, as it was adopted in coordination with all European data protection agencies involved, as Worldcoin’s activities span the entire European Union.
