The Bavarian Data Protection Authority (BayLDA) has demanded that Worldcoin delete all iris codes that you have stored since the beginning of your activity in the European Union (EU). The German regulator, in consensus with the bloc’s data protection authorities, has adopted this and other measures against the company related to Sam Altman.
As detailed in the resolution published this Thursday, Worldcoin must also ensure that the processing of future iris data is carried out on the basis of the explicit consent of the interested party, as indicated by the European GDPR. In addition, the firm now has one month to implement a system that guarantees the right to deletion of its users’ data.
Worldcoin defends itself and confirms that it will appeal
The World Foundation, the entity that now controls Worldcoin, was quick to make public its position regarding the BayLDA decision. First, they have pointed out that the iris codes used to verify people is no longer storedn, and that those that had been previously collected “were voluntarily deleted” in May of this year.
In this sense, the company explains that the aforementioned movement was possible thanks to the implementation of a technology known as AMPC that ensures that iris codes are not retained or stored. Unlike what happened previously, Worldcoin now uses “anonymized” data which, they claim, allows the anonymous functioning of your World ID.
Asked why it didn’t take this approach from the beginning, the company said in a blog post that these technological improvements were possible in the last 12 months and said that the results of the BayLDA investigation refer, to a large extent, to obsolete operations and technologies that have been replaced in 2024.
In its counterattack, the World Foundation ended up offering unsolicited advice to the EU. He said the bloc urgently needs to establish a clear and consistent definition of “anonymization” that will help protect people’s data in the age of artificial intelligence. Likewise, he did not hesitate to say that the GDPR does not provide such protection.
Although the company claims to have met some of the regulators’ demands, it has said that will appeal the BayLDA decision. The fact is that the scrutiny of its operations has not ended. The investigation also indicates that adequate measures were not implemented for the processing of minors’ data.
This last point could be the subject of further investigation. However, failure to comply with European Union privacy legislation can result in various sanctions. In recent times we have seen how companies like Meta and Amazon have been hit with fines of several million euros.
When Worldcoin landed in the European Union (EU) in July 2023 it triggered rapid scrutiny from some regulators. In March of last year, the Spanish Data Protection Agency (AEPD) detected signs of GDPR non-compliance. It then temporarily blocked the collection and processing of personal data.
Far from standing idly by, the organization behind Worldcoin appealed the AEPD’s decision before the National Court, but did not obtain a favorable result in this area. In parallel, the AEPD and the BayLDA were actively cooperating based on the provisions of article 60 of the RGPD. The cooperation has just ended.
The cooperation agreement between the AEPD and the BayLDA culminates with the publication of the latter’s resolution. For the Spanish agency it represents a ratification of the precautionary measure that we mentioned above. We have to wait to find out how this battle between regulators and the company whose European headquarters is located in Bavaria will continue.
Images | World Foundation
In WorldOfSoftware | I have scanned my iris in exchange for free tokens: Worldcoin points the way to what awaits us with digital identity
In WorldOfSoftware | LaLiga already has the support of judges to track users: it will identify the IP of those who watch football through AceStream
/cdn.vox-cdn.com/uploads/chorus_asset/file/25798114/emily_watson_0.jpeg)
