Worldcoin Ordered to Delete User Iris Data Following GDPR Violations
In a significant development that underscores the stringent data protection laws in Europe, Worldcoin, a cryptocurrency project known for its iris-scanning technology to verify human identity, has been mandated to comprehensively delete user data collected from its European users.
The Decision
On December 19, 2024, the Bavarian State Office for Data Protection Supervision issued a corrective order requiring Worldcoin to delete all iris scan data of its European users upon their request. This decision is in line with the General Data Protection Regulation (GDPR), which grants individuals the right to erasure of their personal data.
Michael Will, the head of the Bavarian data protection authority, emphasized that "all users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure." Worldcoin has been given one month to implement a deletion procedure that complies with GDPR provisions.
Implications and Compliance
The order also stipulates that Worldcoin must obtain explicit consent for certain processing steps in the future, indicating that the onboarding process will need to be revised to provide EU users with more detailed information before conducting eyeball scans. Additionally, Worldcoin has been ordered to delete data records previously collected without a sufficient legal basis.
Technical and Legal Challenges
Worldcoin's appeal against the corrective order hinges on its claim that its technical architecture is "privacy-preserving" and anonymizes user data, suggesting that GDPR data access rights should not apply. However, the Bavarian authority has stressed that despite improvements made to the data processing, fundamental data protection risks remain, particularly concerning the comprehensive erasure of data following the withdrawal of consent.
Regional Enforcement
This is not the first time Worldcoin has faced regulatory scrutiny in Europe. Earlier enforcement actions from data protection authorities in Portugal and Spain led to the shutdown of its eyeball scanning operations in those markets due to concerns about the risks of capturing children's data. Despite these challenges, Worldcoin has recently expanded its operations to Austria.
Future Outlook
The decision marks a significant challenge to Worldcoin's ambition of creating a global system for verifying human identity using biometric data. As the company prepares to appeal the order, it faces the daunting task of balancing its technological goals with the stringent data protection standards of the European Union.
For expats in Spain, this development highlights the robust protection of personal data under European law and the ongoing scrutiny of innovative technologies that involve sensitive biometric information. As Worldcoin navigates these regulatory hurdles, it remains to be seen how the company will adapt its practices to comply with GDPR requirements while pursuing its mission of verifying human identity in the digital age.
About MovetoSpain.es
MovetoSpain.es is an independent data website that helps people move to, live in, and integrate into Spain. We use AI to gather data from around the web to provide you with the most up-to-date information.
Sources for this story:
Related Stories
Vodafone Spain Expands 5G Coverage to Reach 90% of Population by End-2025
March 9, 2025
Mobile World Congress 2025 Sets New Heights, Matching Pre-Pandemic Records
March 7, 2025
Cantabria to Host New Technological Campus and Data Centers with €3.6 Billion Investment
February 26, 2025
Las Palmas de Gran Canaria to Launch Innovative Sandbox for Experimental Projects
February 25, 2025
Volvo Revolutionizes EV Ownership with Plug & Charge and Next-Gen Infotainment
February 13, 2025
EuroMillions Results in Spain for Tuesday 1st
Tuesday, April 1st, 2025
Subscribe to Our Newsletter
Stay updated with the latest news and stories from Spain.