The Bavarian State Office for Data Protection Supervision (BayLDA) has directed Worldcoin to adopt stricter privacy protocols after completing its investigation into the company’s biometric data practices. The investigation focused on Worldcoin’s handling of iris-derived biometric data, which is used to create unique digital identities through the World ID system.
GDPR-Compliant Data Deletion Process Required
Worldcoin (WLD) is now required to implement a GDPR-compliant data deletion process within a month. The BayLDA has also instructed the company to secure explicit user consent for specific data processing activities and to delete any data previously collected without a valid legal foundation.
Investigation Findings
The investigation, which began in April 2023, examined Worldcoin’s collection and use of iris data. This data is part of the company’s efforts to authenticate individuals and prevent duplicate registrations. During the investigation, Worldcoin paused its operations in certain European Union countries, although the BayLDA discovered further compliance issues.
Michael Will, President of the BayLDA, emphasized the importance of protecting European fundamental rights, stating, “With today’s decision, we are enforcing European fundamental rights standards in favor of the data subjects. All users who provided Worldcoin with their iris data will now have the unrestricted right to demand the erasure of their data.”
Immediate Action Required
The BayLDA’s ruling mandates that Worldcoin introduce a GDPR-compliant data deletion process within one month of the decision. Additionally, the company must secure explicit consent for specific data processing activities and erase any data collected without a valid legal basis. The investigation also continues to examine issues related to the protection of minors and potential administrative offenses.
International Scrutiny and Compliance Challenges
Worldcoin’s operations span across Europe and the globe, creating challenges in enforcing uniform data protection standards. The company has faced international scrutiny regarding its biometric data practices and compliance with local laws. However, not all investigations have progressed to the same extent.
In Kenya, authorities initially suspended Worldcoin’s operations due to concerns about privacy, security, and financial practices. The investigation was later closed, contingent on the company’s compliance with local regulations. Meanwhile, concerns persist in regions like Hong Kong and Singapore, where data collection practices and potential financial misconduct remain under investigation. These ongoing concerns highlight the global challenges Worldcoin faces as it seeks to operate across multiple jurisdictions.
The post German regulator orders Worldcoin to enhance privacy measures after biometric data probe appeared first on CryptoSlate.
