Worldcoin's Fate Hangs in Balance with EU Privacy Review and Temporary Extended Ban in Spain: Is It The End for Worldcoin?

In the weeks ahead, Worldcoin, the crypto venture known for its controversial eyeball-scanning technology and co-founded by Sam Altman of OpenAI, may face a critical juncture in its European operations.

Despite the innovative nature of its biometric authentication system, Worldcoin has encountered significant resistance from several EU countries, including France, Germany, Portugal, and Spain, all of which have raised concerns over privacy issues.

Tools for Humanity (TfH), a key contributor to Worldcoin, has proactively extended the pause on Worldcoin orb operations in Spain.

This decision grants the Bavarian State Office for Data Protection Supervision (BayLDA), the lead authority overseeing Worldcoin's GDPR compliance, additional time to complete its audit.

Germany the only EU Market Left for Worldcoin

According to the latest information available on Worldcoin.org, the sole EU territory where Worldcoin continues to operate its eyeball-scanning technology is Germany, facilitated by its local entity, TfH.

However, this operational status could be subject to change in the near future, contingent upon the findings of an investigation initiated by Bavaria's data protection authority.

The authority has indicated that it anticipates concluding its probe shortly, with a spokesperson suggesting a mid-July timeline for the publication of its findings.

This scrutiny commenced in the aftermath of Worldcoin's global launch in July 2023, which drew the attention of German privacy regulators.

The spokesperson said:

“Taking into account further steps to align with other SA's [supervisory authorities] I currently expect results that we are able to use in public in mid July 2024.”

Despite the regulatory pressures that have led to Worldcoin's withdrawal from other countries, German authorities have permitted the company to maintain its operations while the investigation is ongoing.

An image shared on X, depicted a Worldcoin scanning location in Berlin featuring a signage indicating an 18+ age restriction for individuals willing to submit their iris data for scanning purposes.

As indicated on Worldcoin's blog, in-person age verification checks have been implemented to ensure that Worldcoin is accessible exclusively to individuals aged 18 and older.

Spain Prolongs Worldcoin Ban Till End of 2024

According to an official statement by Worldcoin on 4 June, TfH has voluntarily extended the suspension of orb operations in Spain until the end of 2024 or until the GDPR compliance audit is completed.

This suspension includes the use of Worldcoin orbs, devices designed to scan users' irises to create digital identities.

Presently, the Bavarian data protection authority in Germany, the Bavarian Data Protection Authority (BayLDA) is conducting an inquiry into the company's handling of personal user data.

The announcement reads:

“In this context, the company has made a legally binding commitment not to resume its activity in Spain until the end of the year or until the BayLDA adopts a definitive resolution in relation to the data processing carried out by the company."

The AEPD's initial three-month ban on Worldcoin's data collection activities was imposed in March, citing various concerns such as insufficient information provision, data collection from minors, and the lack of a withdrawal mechanism for consent.

This directive was enacted under Article 66.1 of the General Data Protection Regulation (GDPR), which is designed to protect the rights and freedoms of individuals.

The Spanish National Court has since upheld the ban and dismissed Worldcoin's appeal, underscoring the importance of personal data protection over corporate interests.

Worldcoin has entered into a legally binding agreement to suspend its operations until the BayLDA concludes its investigation, which is anticipated to occur in the near future.

The agreement does not restrict the AEPD or BayLDA's ability to implement additional supervisory measures if deemed necessary.

The two data protection authorities continue to collaborate, with the AEPD participating as an interested party within the GDPR framework.

Interestingly, Worldcoin went on to post that "World ID's verified proof of humanness can help increase trust online in Spain…”

On its blog, Thomas Scott, Chief Legal Officer, Tools for Humanity, expressed:

“While it is encouraging that, in a recent survey* of World ID users in Spain, more than 80% of the 21,000 respondents said they believe technologies like World ID are important to distinguish between bots and humans online and nearly 90% of them support the project's return to Spain, we voluntarily offered to extend pausing orb operations in the country. Our commitment demonstrates just how fully committed Tools for Humanity and all Worldcoin project contributors are to explaining the project to AEPD and to allowing BayLDA the opportunity to thoroughly review the project and its technology.”

Worldcoin Facing Regulatory Challenges Since its Inception

Since its inception, Worldcoin has been the subject of intense scrutiny and controversy.

Founded with the vision of utilising blockchain technology to facilitate universal basic income and financial inclusion, Worldcoin's creators, including OpenAI CEO Sam Altman, have faced significant backlash.

The project's method of collecting and storing biometric data has raised alarms among privacy advocates and regulatory bodies worldwide.

In the European Union (EU), Worldcoin has been accused of violating the General Data Protection Regulation (GDPR), which governs the processing of personal data.

The GDPR empowers supervisory authorities, known as data protection authorities (DPAs), to impose fines of up to 4% of a company's global annual revenue for confirmed breaches and to halt non-compliant data processing activities.

As for Worldcoin, the iris codes are compact numeric representations of an individual's unique iris texture.

Using a secure multi-party computation (SMPC) system, these iris codes are divided into multiple encrypted "secret shares" stored across various secure databases.

Although no single party can decrypt the shares, they can collectively perform the necessary mathematical computations to verify the uniqueness of a newly submitted iris code.

In addition, the project aims to provide individuals with unparalleled personal control through various data deletion options.

Additional GDPR concerns regarding Worldcoin involve the legal justification for processing sensitive biometric data for identification purposes and whether the project meets the regulation's transparency and fairness criteria.

Upon verifying their unique human identity, individuals receive a verified World ID, making them eligible to claim WLD grants, where available.

This practice conflicts with the GDPR's requirement for freely given consent for data processing.

Moreover, fears that Worldcoin may pose risks to children have prompted some EU regulators to impose temporary bans on its operations following reports that Worldcoin operators had scanned the irises of minors.

In addition, Worldcoin is encountering regulatory hurdles in various jurisdictions, including bans on its operations in Hong Kong and Kenya.

Whereas in Portugal, and France, the operations have been halted.

Kenya has accused the project of engaging in espionage through its activities.

Late May, Worldcoin was directed to cease operations in Hong Kong following a ruling that deemed the retention of sensitive biometric data for up to a decade, for the purpose of training artificial intelligence (AI) models, including face and iris images, as unjustifiable.

According to our previous article, it stated that Hong Kong's city's privacy watchdog, the Office of the Privacy Commissioner for Personal Data (PCPD), found them to be in violation of the Personal Data (Privacy) Ordinance (PDPO).

The Bavarian Data Protection Authority (BayLDA) is progressing with its investigations and is anticipated to reach a conclusion "soon," with a final decision that is in alignment with all relevant European supervisory authorities.

In response to these regulatory pressures, Worldcoin has enhanced its security protocols by open-sourcing its biometric data system, confirming that users can now delete their old iris codes securely.

Additionally, the company has implemented more stringent controls to verify the age of users and has introduced the option for users to remove their iris codes.

In the event of disagreements among Data Protection Authorities (DPAs) regarding the appropriate action towards Worldcoin, it is important to recognise that the GDPR provides a mechanism for addressing cross-border complaints.

This framework allows DPAs to voice their objections and concerns.

Should a consensus not be reached, the European Data Protection Board may be called upon to intervene and issue a final decision.

Kenya First to Ban Worldcoin

Kenya played a significant role in Worldcoin's initial phase, hosting at least 18 of its iris-scanning locations, known as Orbs.

Over 350,000 Kenyan citizens have participated, each receiving 25 units of Worldcoin's cryptocurrency, WLD.

However, the Kenyan Ministry of the Interior halted Worldcoin's operations while the country's financial, security, and data protection services conduct an investigation into the project's legitimacy and data protection practices.

This decision was announced in a statement posted on the ministry's Facebook page on 2 August 2023.

Source: Kenya's Ministry of Interior and National Administration

The statement signed by Minister Kithure Kindiki, stated:

"The Government is concerned by the ongoing activities of an organization calling itself 'WORLD COIN' which is involved in the registration of citizens through the collection of eyeball/iris data."

Singapore Part of the Welcome Squad

In a surprising contrast to its reception elsewhere, Worldcoin has found a welcoming environment in Singapore since its launch.

Initially starting with just five locations, the project has expanded to eight, mainly concentrated around the central district.

TfH has also secured membership in two of Singapore's most prestigious tech associations: ACCESS and the Singapore Fintech Association (SFA).

Worldcoin Shrouded in Controversy & Regulatory Scrutiny as WLD Struggles

At the heart of the controversy surrounding Worldcoin lies a perceived lack of transparency and trust in its technology.

In response to regulatory scrutiny, Worldcoin has taken steps to enhance transparency and security, aiming to reassure users and regulatory bodies.

Recent developments suggest a shift towards greater openness, which may persuade regulators to reconsider their bans and prevent further complications.

With the recent introduction of the SMPC system, the level of privacy protection for verification of uniqueness of biometric templates, has been improved.

Following the migration of iris codes to the new SMPC system, the previous uniqueness-checking system, along with all old iris codes, was securely deleted according to Worldcoin.

Despite leveraging cryptocurrency and blockchain technology, Worldcoin has been shrouded with both scepticism and lauded with praises since its inception.

Vahan P. Roth, an executive board member at Swissgrams AG, criticised the project for blatantly contradicting the core ethos of cryptocurrencies—the principles of anonymity and decentralisation that underpin Bitcoin and similar digital assets.

Moreover, regulators in multiple countries have outright banned Worldcoin, citing concerns that its data collection practices could pose a significant threat to privacy.

Additionally, the WLD token has faced significant difficulties due to regulatory challenges.

CoinMarketCap data shows that WLD has plummeted by approximately 60% from its all-time high of $11 and is currently trading at $4.84.

To overcome these hurdles, Worldcoin must address the worries of both regulators and users, demonstrating that its product is secure and respects privacy.

Failure to do so could lead the project down a perilous path.