The next few weeks could be crucial WorldcoinThe controversial eyeball-scanning crypto venture, co-founded by OpenAI’s Sam Altman, has had its operations almost entirely shut down in the EU – including France, Germany, Portugal and Spain – following a series of privacy complaints.
The EU is the only market Worldcoin is still eyeing Worldcoin.org website Its developer Tools for Humanity (TfH) has a local office in Germany. But that could change soon depending on the outcome of an investigation launched by Bavaria’s data protection authority.
The authority told TechCrunch it expects to make a decision on the investigation soon – with a spokesperson suggesting it would be ready to publish its findings in mid-July. The watchdog launched an investigation into Worldcoin last year Global launch in July 2023,
“Considering further steps to catch up with other SA [supervisory authorities] “I hope we will be able to make the results publicly available for use by mid-July 2024,” he told us.
In the EU, complaints have been raised that Worldcoin is violating the bloc’s General Data Protection Regulation (GDPR), which sets rules for how personal data can be processed. This arrangement not only gives supervisory officials, aka data protection authorities (DPAs), the power to issue fines of up to 4% of global annual turnover for confirmed violations. They can also order non-compliant processing to stop.
This is important because in the case of a crypto-biometrics project like Worldcoin – which turns a person’s eye scan into an immutable identity token stored on a decentralized blockchain – this could mean setting conditions that essentially ban it from the EU forever. Unless Worldcoin is able to modify its systems so that personal data can be deleted upon request. But, er, blockchains don’t usually work that way.
Other GDPR concerns surrounding Worldcoin include the legal basis it claims for processing people’s sensitive biometric data for the purpose of their identification; and whether it is meeting the transparency and fairness requirements of the regulation.
A major criticism of its approach is that it encourages people to hand over their sensitive biometric data in exchange for a cryptocurrency of the same name included in its proof of “humanity” identification system – whereas the GDPR requires freely given consent to data processing.
Fears that Worldcoin could pose a risk to children have led some EU regulators to temporarily ban Worldcoin from operating on their markets this year following complaints that Worldcoin operators conducted eye-checks on minors.
back in march Spain’s data protection authority (DPA) took such emergency action – ordering Worldcoin to stop collecting and processing local people’s data for three months. It said it was acting on a number of privacy complaints, including risks to children’s information. The move came soon after A similar order was also issued by the DPA of Portugal In addition, complaints regarding eye scanning of minors were also acted upon by Worldcoin.
Despite these immediate interventions, German privacy regulators have allowed Worldcoin to continue to market people while the Bavarian DPA investigates. However the image below of a Worldcoin scanning location in Berlin – embedded in a Post to X – It is notable for the inclusion of a prominent poster in the window displaying the 18+ age limit for presenting the iris to the orb.
On Tuesday the Spanish D.P.A. announced the Worldcoin has agreed not to resume its operations on the market after the expiry of its three-month ban order. In a press release, it said that the developer of Worldcoin has committed – in what it described as a “legally binding manner” – to not resume its operations until the Bavarian authority adopts a final resolution on the investigation (or else not before the end of the year).
TFH initially tried to challenge Spain’s temporary ban in the courts, including seeking an injunction (which was later dismissed). not granted) It’s unclear why the company has agreed to wait for the outcome of the Bavarian investigation, but it may have decided it was the best course of action to reduce its regulatory risk. It may also be confident it won’t have to wait too long for a verdict.
There is another interesting tidbit in the Spanish authority’s press release – which states that following its emergency order the TfH announced changes to the operation of Worldcoin, including the introduction of controls to verify the age of users; and “the possibility of eliminating the iris code”.
TFH was asked questions about its agreement with the Spanish DPA and the changes made to it, but had not responded at the time of going to press.
Spain’s DPA also said it expected the Bavarian data protection authority’s investigation to be concluded “soon” – adding that it hoped the final decision would reflect the position of all relevant European supervisory authorities.
If there is a dispute between DPAs over what to do about Worldcoin, it is worth noting that the GDPR has a mechanism for handling cross-border complaints that allows relevant authorities to raise objections. If there is still no majority opinion, the European Data Protection Board could be asked to intervene and make a final decision.
worldcoin-faces-pivotal-eu-privacy-decision-within-weeks-techcrunch
