Update (Dec. 19, 15:12 UTC)

This article has been updated to clarify that, in May 2024, Worldcoin deleted all data from its old iris code to comply with local regulations.

The German data protection authority, the Bavarian State Office for Data Protection Supervision (BayLDA), has issued corrective measures for the digital identity project World, formerly known as Worldcoin, over its handling of biometric data. The BayLDA announced on Dec. 19 that it had concluded its investigation into World’s compliance with the European Union’s General Data Protection Regulation (GDPR).

Corrective Measures and Response

The authority has ordered World to implement a data deletion procedure that adheres to GDPR standards within one month of the ruling’s effective date. In response, the World Foundation has appealed the decision by asking regulators to provide judicial clarity on whether World Network’s Privacy Enhancing Technologies (PETs) meet the legal definition for anonymization in the EU.

In addition, the company announced in May 2024 the shutdown of its previous system and the deletion of all stored data. The BayLDA president, Michael Will, stated that the authority’s latest decision aims to strengthen the rights of World users:

"With today’s decision, we are enforcing European fundamental rights standards in favor of the data subjects in a technologically demanding and legally highly complex case," Will said. "All users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure."

BayLDA Orders World to Fulfill Multiple Obligations

Despite World’s efforts to improve GDPR compliance, BayLDA has identified further adjustments needed to meet regulatory requirements. In addition to a requirement to set up a compliant data deletion procedure, BayLDA also asked World to provide explicit consent for certain processing steps in the future.

Additionally, World is obliged to delete certain data records "previously collected without a sufficient legal basis was ordered ex officio," the BayLDA stated. The order aims at all those sets of iris codes from its customers which were gathered in the starting phase in summer 2023 until a certain point in this year, where Worldcoin changed its activities to a more lawful basis.

Due to national administrative law, the assessment of whether an administrative offense proceeding will be initiated is reserved for a separate proceeding, BayLDA stated. The same applies to the examination of numerous complaints from European users concerning specific individual issues, such as the protection of minors, which were not the subject of the current decision.

World Asks for Clarity on Anonymization in the EU

According to the World Foundation, BayLDA’s decision clearly illustrates the need to establish a clear and consistent definition of anonymization in the EU to help protect personal data in the age of artificial intelligence. GDPR currently does not provide this, and both World Foundation and World contributor TFH believe it is essential for this issue to be addressed quickly.

"Data anonymization, not just data deletion, is essential for enabling people to verify themselves as human online while remaining completely private," TFH’s chief legal and privacy officer, Damien Kieran, said. "Without a clear definition around anonymization, however, we lose perhaps our most powerful tool in the fight to protect privacy in the age of AI."

As such, the Would Foundation said it is appealing BayLDA’s decision to seek clarity on whether World’s tech meets the legal definition for anonymization in the EU.

"The World Foundation and TFH will continue to work closely with regulators in the EU and elsewhere to ensure this important question is answered in a way that supports protecting privacy and innovation," it added.

Related Articles

  • World ID Trolls Spotify with ‘Unwrapped’ Privacy Meme
  • Magazine: 13 Christmas Gifts That Bitcoin and Crypto Degens Will Love

Subscribe to the Markets Outlook Newsletter

Critical insights to spot investment opportunities, mitigate risks, and refine your trading strategies. Delivered every Monday.

By subscribing, you agree to our Terms of Services and Privacy Policy.

Background Information on Worldcoin and GDPR Compliance

Worldcoin, launched in July 2023 by Tools for Humanity (TFH) — co-founded by OpenAI CEO Sam Altman — uses iris biometrics for digital identity verification. The BayLDA initiated a probe into the project in 2023, citing concerns over biometric data collection.

According to BayLDA president Michael Will, the authority’s latest decision aims to strengthen the rights of World users:

"With today’s decision, we are enforcing European fundamental rights standards in favor of the data subjects in a technologically demanding and legally highly complex case," Will said. "All users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure."

Implementation of Corrective Measures and Future Developments

The BayLDA has ordered World to implement a data deletion procedure that adheres to GDPR standards within one month of the ruling’s effective date. This measure is aimed at ensuring that all users’ personal data is handled in accordance with European regulations.

In response to the corrective measures, the World Foundation has appealed the decision by asking regulators to provide judicial clarity on whether World Network’s Privacy Enhancing Technologies (PETs) meet the legal definition for anonymization in the EU.

The company announced in May 2024 the shutdown of its previous system and the deletion of all stored data. This move demonstrates a commitment to complying with regulatory requirements and prioritizing users’ rights.

Consequences of Non-Compliance

Failure to comply with GDPR regulations can result in significant penalties, including fines and reputational damage. The BayLDA’s corrective measures serve as a reminder of the importance of adhering to data protection standards.

The World Foundation’s appeal highlights the need for clear guidelines on anonymization and its application in the digital identity sector. This development underscores the ongoing debate surrounding the balance between innovation and user privacy.

Future Developments and Implications

The outcome of the World Foundation’s appeal will have far-reaching implications for the digital identity industry. A clearer definition of anonymization could lead to increased trust among users, while also providing a framework for companies to ensure compliance with regulatory requirements.

As the debate around data protection continues, it is essential for stakeholders to remain informed about the latest developments and their potential impact on the industry as a whole.

Subscribe to Our Newsletter

Stay up-to-date with the latest news, insights, and analysis on market trends, regulatory updates, and more. Delivered every Monday.

By subscribing, you agree to our Terms of Services and Privacy Policy.

Related Articles

  • World ID Trolls Spotify with ‘Unwrapped’ Privacy Meme
  • Magazine: 13 Christmas Gifts That Bitcoin and Crypto Degens Will Love