Worldcoin Ordered to Delete User Iris Data Following GDPR Violations
In a significant development that underscores the stringent data protection laws in Europe, Worldcoin, a cryptocurrency project known for its iris-scanning technology to verify human identity, has been mandated to comprehensively delete user data collected from its European users.
The Decision
On December 19, 2024, the Bavarian State Office for Data Protection Supervision issued a corrective order requiring Worldcoin to delete all iris scan data of its European users upon their request. This decision is in line with the General Data Protection Regulation (GDPR), which grants individuals the right to erasure of their personal data.
Michael Will, the head of the Bavarian data protection authority, emphasized that "all users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure." Worldcoin has been given one month to implement a deletion procedure that complies with GDPR provisions.
Implications and Compliance
The order also stipulates that Worldcoin must obtain explicit consent for certain processing steps in the future, indicating that the onboarding process will need to be revised to provide EU users with more detailed information before conducting eyeball scans. Additionally, Worldcoin has been ordered to delete data records previously collected without a sufficient legal basis.
Technical and Legal Challenges
Worldcoin's appeal against the corrective order hinges on its claim that its technical architecture is "privacy-preserving" and anonymizes user data, suggesting that GDPR data access rights should not apply. However, the Bavarian authority has stressed that despite improvements made to the data processing, fundamental data protection risks remain, particularly concerning the comprehensive erasure of data following the withdrawal of consent.
Regional Enforcement
This is not the first time Worldcoin has faced regulatory scrutiny in Europe. Earlier enforcement actions from data protection authorities in Portugal and Spain led to the shutdown of its eyeball scanning operations in those markets due to concerns about the risks of capturing children's data. Despite these challenges, Worldcoin has recently expanded its operations to Austria.
Future Outlook
The decision marks a significant challenge to Worldcoin's ambition of creating a global system for verifying human identity using biometric data. As the company prepares to appeal the order, it faces the daunting task of balancing its technological goals with the stringent data protection standards of the European Union.
For expats in Spain, this development highlights the robust protection of personal data under European law and the ongoing scrutiny of innovative technologies that involve sensitive biometric information. As Worldcoin navigates these regulatory hurdles, it remains to be seen how the company will adapt its practices to comply with GDPR requirements while pursuing its mission of verifying human identity in the digital age.
About MovetoSpain.es
MovetoSpain.es is an independent data website that helps people move to, live in, and integrate into Spain. We use AI to gather data from around the web to provide you with the most up-to-date information.
Sources for this story:
Related Stories
Santa María de Cayón Embraces Digitalization with Advanced Equipment
December 27, 2024
Can Autonomous AI Machines Be Morally Responsible? A Growing Debate in Spain and Globally
December 25, 2024
Torrelavega’s Tecnoteca Project Nears Completion, Set to Open in 2025
December 24, 2024
Spain's Progress and Challenges in the EU's Digital Decade and Economic Landscape
December 19, 2024
Creating a Safe Digital Environment: A Crucial Step for a Healthy Childhood in Spain
December 17, 2024
EuroMillions Results in Spain for Friday 20th
Friday, December 20th, 2024
Subscribe to Our Newsletter
Stay updated with the latest news and stories from Spain.