The Bavarian State Office for Data Protection Supervision (BayLDA) has concluded its investigation into Worldcoin’s biometric data practices, ordering the company to implement stricter privacy measures. Worldcoin has been instructed to provide a GDPR-compliant data deletion process within one month and obtain explicit user consent for certain data processing activities.
The investigation, which began in April 2023, focused on Worldcoin’s collection and use of iris-derived biometric data for its World ID system. This system creates unique digital identities to authenticate individuals and prevent duplicate registrations. While Worldcoin paused its activities in some EU countries voluntarily during the investigation, the BayLDA found additional compliance issues.
Michael Will, President of BayLDA, emphasized the importance of enforcing European fundamental rights standards, stating that all users who provided iris data to Worldcoin now have the right to demand the erasure of their data. The ruling requires Worldcoin to introduce a GDPR-compliant data deletion process, obtain explicit consent for data processing activities, and delete data collected without a sufficient legal basis.
The investigation was conducted in collaboration with European data protection authorities under the GDPR framework. Worldcoin’s global operations have posed regulatory challenges, with scrutiny in various regions over data protection standards and compliance with local laws. While investigations in some countries have been closed without further action, concerns persist in other areas like Hong Kong and Singapore regarding data collection practices and potential financial misconduct.
Overall, Worldcoin continues to face global scrutiny over its biometric data practices and compliance with data protection regulations. The company must now adhere to the BayLDA’s orders and implement stricter privacy measures to ensure the protection of user data and compliance with European data protection standards.