- The Information Commissioner’s Office (ICO) is investigating the WLD token project launched by Worldcoin, founded by OpenAI CEO Sam Altman, yesterday.
- The launch of Worldcoin raises questions about user data protection. According to the ICO, organizations involved in the processing of high-risk biometric data must conduct a Data Protection Impact Assessment.
- Worldcoin stated that it complies with local laws, just as the European General Data Protection Regulation has been incorporated into post-Brexit UK laws.
The ICO, the Data Protection Regulator in the United Kingdom, announced that they have identified the launch of Worldcoin in the UK and will conduct an investigation.
United Kingdom to Begin Investigation on Worldcoin
The Information Commissioner’s Office (ICO), the data regulator in the United Kingdom, is investigating the WLD token project launched by Worldcoin, founded by OpenAI CEO Sam Altman, yesterday. A spokesperson from the ICO said, “We have noticed the launch of Worldcoin in the UK and will conduct an investigation.”
The United Kingdom Information Commissioner’s Office announced that it will investigate #Worldcoin. $WLD
— COINOTAG (@coinotag) July 25, 2023
The launch of Worldcoin raises questions about user data protection. According to the ICO, organizations involved in the processing of high-risk biometric data must conduct a Data Protection Impact Assessment. If it is not possible to mitigate the identified risks, it becomes mandatory to consult with the ICO. The regulator stated the following regarding the matter;
“Organizations must conduct a Data Protection Impact Assessment before commencing any processing that is likely to result in high risks, such as the processing of special category biometric data. When they identify high risks and cannot mitigate them, they must consult with the ICO.”
In addition, a clear legal basis is required for the processing of personal data in the UK, and freely given consent is important for this. The ICO emphasized the necessity of a legal basis:
“Organizations must also have a clear legal basis for the processing of personal data. When relying on consent, this consent must be freely given and individuals must be able to withdraw it without suffering any disadvantages.”
Worldcoin’s Data Privacy
Worldcoin stated that it complies with local laws, just as the European General Data Protection Regulation has been incorporated into post-Brexit UK laws. Worldcoin said the following about the matter:
“The Worldcoin Foundation and contributor Tools for Humanity adhere to the strictest privacy rules and requirements in the markets where Worldcoin operates, and we continue to evaluate compliance with local laws and regulations in selected communities.”
Worldcoin added, “Furthermore, according to GDPR, Worldcoin fully complies with all laws and regulations, including the collection of biometric data and data transfers. In the European Union, Tools for Humanity is supervised by the Bavarian Data Protection Supervisory Authority.”
According to the Frequently Asked Questions (FAQs) section on Worldcoin’s website, “Worldcoin never collects any biometric data without the explicit consent of a user.” The page also states that the user does not need to share personal data to download the World App and that any personal data shared with Worldcoin is encrypted during transit and at rest.
Worldcoin stated the following;
“The images collected by Orb are used to create a unique iris code. By default, these images are immediately deleted unless the user chooses to participate in data ownership,” the project says. “The option to participate in data ownership will reduce the likelihood and frequency of re-verifying the user’s World ID as iris code algorithms change. The World ID registration process is designed solely to verify an individual’s uniqueness.”
The project added that it will not sell personal data; “Worldcoin users may choose to share additional data, but this is not mandatory. What matters is that the Worldcoin Foundation and initial contributor Tools for Humanity have not sold and will not sell anyone’s personal data, including biometric data.”