South Korea Fines Worldcoin $830,000 for Data Privacy Violations

• Worldcoin and its development firm, Tools For Humanity, have been fined by South Korea’s Personal Information Protection Commission for improper handling of personal data.
• The violations primarily relate to the collection and transfer of biometric data, including issues with notification and consent.
• The fines total 1.1 billion Korean won ($830,000), with specific penalties for both mishandling sensitive data and improper overseas data transfer.

Worldcoin fined $830,000 by South Korean regulators for data privacy violations

Significant Fines for Data Privacy Breaches

The Personal Information Protection Commission (PIPC) in South Korea has imposed substantial fines on Worldcoin and its development firm, Tools For Humanity (TFH), amounting to 1.1 billion Korean won ($830,000). The penalties are due to violations in the collection and transfer of personal data, particularly failing to properly notify individuals about the intent and duration for retaining their scanned iris data. This comprehensive decision highlights the importance of rigorous data privacy practices, especially in handling sensitive biometric information.

Inadequate Compliance with Local Regulations

Among the key reasons for the fines were failure to provide a Korean translation of the consent form for biometric data and lack of adequate information for data subjects regarding the overseas transfer of their personal information. The Worldcoin Foundation was fined 725 million won ($545,000) for these violations. Additionally, TFH received a 379 million won ($285,133) penalty for their breach of duty in transferring the data internationally. The Commission emphasized that these lapses compromised the transparency and security required by local privacy laws.

Issues with Data Deletion and Age Verification

The investigation revealed further compliance issues, including the absence of measures for subjects to request deletion of their iris data and insufficient age verification for individuals under 14 years old until April of this year. These findings underscore the need for robust procedures to ensure the protection and correct handling of sensitive data. Despite these setbacks, the PIPC noted that data collection was not banned outright, provided the necessary amendments were made to address these concerns.

Company’s Response and Future Outlook

In response to the penalties, TFH expressed its compliance with South Korean regulations in a press release, stating the identified weaknesses in their initial disclosures have since been rectified. The company views the PIPC’s decision as a resolution to the regulatory scrutiny in South Korea, affirming the legality of the iris-scanning orb used for verifying “humanness.” TFH highlighted their commitment to upholding stringent data privacy standards in line with the Personal Information Protection Act.

Conclusion

The fines imposed on Worldcoin and its development firm underscore the critical need for strict adherence to data privacy regulations, especially in emerging technologies involving biometric information. The resolution from the PIPC serves as a firm reminder for all companies operating in South Korea to prioritize transparency and compliance in handling personal data. Going forward, Worldcoin aims to refine its privacy practices to maintain trust and regulatory compliance in its operations.