BayLDA Orders Stricter Privacy Measures for Worldcoin
The Bavarian State Office for Data Protection Supervision (BayLDA) has issued a mandate for Worldcoin to enhance its privacy practices following an investigation into the company’s handling of biometric data.
GDPR Compliance Requirements
- Implement a GDPR-compliant data deletion process within one month
- Obtain explicit user consent for certain data processing activities
- Delete data collected without a sufficient legal basis
Investigation Findings
The investigation, launched in April 2023, focused on Worldcoin’s use of iris-derived biometric data to establish unique digital identities through its World ID system.
During the investigation, Worldcoin voluntarily ceased operations in some EU countries. BayLDA nevertheless identified compliance issues.
BayLDA President’s Statement
“With today’s decision, we are upholding European fundamental rights standards for data subjects. Users who provided their iris data to Worldcoin now have the right to request the deletion of their data.”
Enforcement Actions
Worldcoin is mandated to implement a GDPR-compliant data deletion process within one month of the ruling. Additionally, explicit consent is required for specific data processing activities, and data collected without a legal basis must be deleted.
The investigation was carried out in collaboration with European data protection authorities under the GDPR framework.
Challenges in Regulatory Compliance
Worldcoin operates across Europe and globally, which makes it challenging to maintain consistent data protection standards. The project has faced scrutiny in various regions over its biometric data practices and adherence to local laws.
While investigations in some areas, like Kenya, have been closed without further action, scrutiny persists in places like Hong Kong and Singapore regarding data collection practices and potential financial misconduct.