World, the controversial biometric identification project cofounded by OpenAI’s Sam Altman, has faced significant regulatory pushback from Germany, where authorities say the company’s iris-scanning technology does not quite meet European data protection standards.
The German data protection authority-the Bavarian State Office for Data Protection Supervision-concluded its months-long probe into World’s business practices with a decisive order. According to the authority, “identification by the company raises numerous fundamental data protection risks for a large number of data subjects” and thus contravenes the General Data Protection Regulation set by the European Union.
Worldcoin Ordered to Improve Data Deletion
World, formerly known as Worldcoin, has developed a new method of verifying digital identity.
The company utilizes a ball-shaped device called an ‘Orb,’ which scans the irises and faces of users, and through this process, sets up a digital identity system to differentiate between humans and AI bots when accessing the internet. Although the technology originated from Tools for Humanity, the San Francisco-based company, its European operations are based in Bavaria, Germany.
The decision is important since “it enforces European fundamental rights standards in favor of the data subjects in a technologically demanding and legally highly complex case with today’s decision,” according to BayLDA President Michael Will.
The authority requires World to adopt a process of erasure under GDPR, so that “all users who have provided ‘Worldcoin’ with their iris data will in future have the unrestricted opportunity to enforce their right to erasure”.
World Challenges EU Data Privacy Standards
World reacted by raising the issue of whether the PETs they use comply with the standards set by the EU on anonymizing data.
The chief privacy officer at Tools for Humanity, Damien Kieran, weighed the nuance of it, commenting that Michael Will is “between a rock and a hard place.”
Kieran continued: “I don’t want to put words in his mouth, but I think he feels that we have done something rather good technically, but I think he’s under a lot of pressure because I think it’s a complicated environment to be a lead supervisory authority in the EU at the moment.”
On the technical level, Kieran said World has changed its procedure for handling data. The company ceased storing iris codes in its database, which was actually one of the main reasons raised by the BayLDA. World uses a cryptographical procedure that breaks it into three new pieces which the company stores in databases owned by third parties such as the University of Berkeley, Zurich, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) University, and NeverMind.
Kieran underscores that data protection measures should point out that data anonymization and deletion are crucial to enable people to verify themselves as human online while remaining completely private”.
However, the regulatory environment is raised and noted as “without a clear definition around anonymization, however, we lose perhaps our most powerful tool in the fight to protect privacy in the age of AI.”.
Data Privacy Concerns in Europe
Notwithstanding this obstacle, the World is still assessing operations in a few more countries such as Argentina, Australia, Chile, Colombia, Ecuador, Germany, Japan, Mexico, Peru, Poland, Singapore, South Korea, and even the US. The company has growth plans with regard to starting operations in Ireland, The UK, France, and Italy. But these plans have constraints in Spain and Portugal where some temporary restrictions have already been placed due to data protection issues.Â
On the whole, as the controversy surrounding World’s technology escalates so does the conflict between the need for modern digital identity solutions and respect for people’s personal data, especially in the European Union. This is especially relevant to the fact that the company is constantly refining its technology and is willing to challenge various regulatory resolutions in court. Thus, this case could create important precedents in regard to the key issues of the future development of biometric identification systems and privacy protection standards in the world.