Europe Reacts Swiftly to Privacy Concerns Following Worldcoin's Official Launch
Worldcoin's Global Rollout Raises Privacy Concerns in Europe as Data Protection Authorities Investigate
Worldcoin, a project led by OpenAI CEO Sam Altman, has recently begun its official global rollout with the aim of verifying human identity by scanning individuals' eyeballs in exchange for crypto tokens. The initiative, however, has already caught the attention of European data protection authorities.
The concept behind Worldcoin is driven by the development of advanced AI, such as ChatGPT, which blurs the lines between human and bot-generated digital activity. To address this challenge, Worldcoin offers a solution through an orb that scans eyeballs to provide a form of virtual currency known as "digital tokens."
Worldcoin's pop-up locations in the UK, France, Germany, and Spain have begun offering digital tokens to individuals who willingly provide their biometric data using the proprietary orbs. Nevertheless, privacy regulators in at least three of these markets have voiced concerns and initiated investigations into Worldcoin's handling of sensitive personal data.
The UK's Information Commission Office (ICO) has responded by stating that organizations must conduct a Data Protection Impact Assessment (DPIA) before processing high-risk data, such as biometric information. Consent must also be freely given and easily revocable without detriment. Considering the context of incentivizing people to share biometrics for digital tokens, questions arise about the true nature of consent in this scenario.
Subsequently, France's data protection authority, CNIL, has expressed even more explicit concerns about the legality of Worldcoin's data collection and storage practices. It has been actively investigating the matter and has involved Bavaria's DPA since it serves as Worldcoin's lead data supervisor in the EU.
Given the General Data Protection Regulation (GDPR), Worldcoin's focus on using biometric data for identification purposes falls under "special category data," which carries stringent legal processing requirements. Tools For Humanity, the technology company behind Worldcoin, claims consent as the lawful basis for processing Europeans' biometric data. However, the GDPR demands explicit consent for such sensitive data, necessitating a clear and specific explanation of the processing procedures—something that might be challenging given the extensive legal language presented to individuals seeking to obtain crypto rewards.
As the investigations unfold, further clarity is expected to emerge regarding the compliance of Worldcoin's operations with European data protection laws.