Worldcoin has recently faced significant regulatory challenges due to the collection of biometric data using its Orb device. In December 2024, the Bavarian Data Protection Authority (BayLDA) determined that the company violated the General Data Protection Regulation (GDPR) by scanning the irises of thousands of European citizens. As a result, Worldcoin was ordered to delete all iris records stored in Europe and obtain explicit consent for future processing of biometric data.
In order to continue its identity verification method using the Orb, Worldcoin will need to implement measures to ensure compliance with data protection regulations. These actions include:
Obtaining explicit consent: Ensure that users clearly understand how their biometric data will be used and provide informed consent.
Protection of data of minors: Implement effective systems to verify the age of participants and ensure that data is not collected from minors.
Transparency in data use: Provide detailed information on how collected biometric data is stored, processed and protected.
Enhanced security measures: Adopt advanced protocols to protect data against unauthorized access and potential security breaches.
Furthermore, Worldcoin will be required to work closely with data protection authorities in the jurisdictions where it operates, adapting its practices to local regulations and responding to concerns raised by regulators. Only by implementing these measures and committing to user privacy will Worldcoin be able to continue its identity verification project through the Orb.
