French authorities do not support WorldCoin's iris scanning technology.Image: Shutterstock
European data and privacy regulators have already launched an investigation into the collection of biometric data by cryptographic project Worldcoin, which scans people's irises to confirm they are human.
World Coin was officially announced last week, and people around the world lined up to scan their eyeballs with a large silver ball so they can get their unique World ID and start receiving WLD cryptocurrency.
Co-founder Sam Altman, who is also CEO of OpenAI, the developer of ChatGPT, said the project is a “trusted solution for distinguishing between humans and AI online while protecting privacy.”
But Europe's privacy watchdogs are already taking action.
This was announced by France's National Freedom of Information Commission (CNIL). Reuters Legality Worldcoin's data collection regime “appears questionable, as do the conditions under which biometric data is stored.”
Meanwhile, the Bavarian Data Protection Supervisory Authority (which is reportedly tasked with overseeing WorldCoin's operations within the EU) has said that WorldCoin collects “a very large amount of sensitive data”. We began investigating World Coin in November due to concerns that
WorldCoin claims it permanently deletes iris pattern images collected by its proprietary device, the Orb, unless users opt-in to its “data retention” regime.
When a user chooses to store their biometric data on Worldcoin, that biometric data is “processed locally” and then “sent to a secure decentralized data store where it is encrypted and stored.” It is then removed from the orb.
If you choose not to store your eye and face scans on Worldcoin, they will be processed locally and “then permanently deleted”, leaving behind an IrisCode (a series of numbers generated by the orb) that will be used to identify the user. Signup is blocked. More than once.
According to the project's biometric data consent form, IrisCode cannot be deleted. tech crunch It has been pointed out that this may become a point of contention with European regulatory authorities.
Under the General Data Protection Regulation (GDPR), people have the right to request that organizations delete their personal data. This is what Worldcoin points out in the section of his GDPR rights agreement, but the company designed its protocol to mirror IrisCode. An individual's unique biometric data cannot be deleted. Otherwise “uniqueness proof will not work”.
When World Coin was announced in 2021, whistleblower Edward Snowden tweeted The company appears to be creating a “database of people's iris scans” and said there is no point in deleting the scans if WorldCoin still stores the “hashes”. [IrisCodes] Generated by scan. Hash to match on future scans. ”
Under the GDPR, biometric data is classified as a “special category of data” that has stricter processing and storage requirements than other forms of data.
Biometric data can only be collected with the user's “explicit consent.” In the case of Worldcoin, users must read and understand the entire 3,800-word agreement when considering the promise of free money.
Australian law similarly considers biometric data to be “sensitive” data and limits the circumstances in which it can be legally collected.
Worldcoin currently does not have an orb location for iris scanning in Australia.
Approximately 2.1 million people have signed up for WorldCoin, the first 2 million during a controversial beta period when orbs appeared in developing countries, according to the company's website.
detailed MIT Technology Review An investigation last year revealed how its data collection regime was riddled with secrecy, confusion and technical flaws, and that Orb operators bribed public officials to teach Worldcoin's neural network how to identify humans. It is explained that it was full of suspicion.
