skip to Main Content
bitcoin
Bitcoin (BTC) $ 98,421.37 0.01%
ethereum
Ethereum (ETH) $ 3,468.23 0.94%
tether
Tether (USDT) $ 0.998795 0.17%
xrp
XRP (XRP) $ 2.28 1.85%
bnb
BNB (BNB) $ 703.06 1.19%
solana
Solana (SOL) $ 197.98 0.12%
dogecoin
Dogecoin (DOGE) $ 0.330793 1.35%
usd-coin
USDC (USDC) $ 0.999655 0.19%
staked-ether
Lido Staked Ether (STETH) $ 3,463.33 0.86%
cardano
Cardano (ADA) $ 0.912403 3.20%

Bavaria’s Data Regulator Had Not Concluded Assessment of Worldcoin When the Project Launched

Bavaria’s data watchdog had not finished its privacy and security assessment of Worldcoin when the project launched, the head of the agency said.

Michael Will, president of Bavaria’s Data Protection Authority, the lead agency supervising the OpenAI-tied project in Europe, told CoinDesk on Monday that it was still reviewing the project when it went live on July 24, though he noted that the company is not legally obliged to notify the authorities and get their approval prior to the launch. Bavaria is a German state where Worldcoin has set up an entity to manage the data for its European users, so the local authority is leading the investigation.

At the same time, Worldcoin’s financial aspect is also under investigation. Germany’s Federal Financial Supervisory Authority, known as BaFin, is monitoring the project. It is unclear at the moment whether it needs a permit from BaFin, as other crypto firms do, a spokeswoman from the authority told local newspaper Tagesspiegel.

Worldcoin is co-founded by Sam Altman, the entrepreneur behind popular chatbot ChatGPT, and aims to promulgate a new way to verify that a user is human and unique on the internet using iris scans, artificial intelligence and zero-knowledge proofs. Verified users can receive grants of the Worldcoin token. Developers can build applications on top of this identification protocol, including a wallet where the Worldcoin token is distributed.

Worldcoin did not respond to CoinDesk’s request for comment at the time of publication.

Even before the project’s full launch, it was the subject of controversy. Criticism has centered around potential privacy issues, the reported manipulation of people in developing countries, as well as the fact that a private company is building global identification infrastructure, which is normally the work of government entities.

The Bavarian DPA’s journey with Worldcoin started last November, when its French counterpart asked it for information on whether the project had a Bavarian entity that was acting as the data controller, an entity that decides how and why data is processed under GDPR and is ultimately liable for the data processing. At the time, Worldcoin was doing testing in France, said Will.

It took a few months, but in March, Worldcoin responded to the information request from the DPA and also submitted a privacy impact assessment, which is required under GDPR for companies processing sensitive data such as biometric information. Based on that information, the Bavarian DPA concluded that the local Worldcoin entity fulfilled the requirements of GDPR, but had some additional questions, said Will.

More recently, about two weeks ago, a journalist from German newspaper Handelsblatt contacted the DPA to confirm whether they were in contact with Worldcoin co-founders, one of whom resided in Bavaria, said Will. The journalist received this information from one of the co-founders, he said. Worldcoin’s co-founders include Altman and Alex Blania, who is reportedly of German origin.

This was a “strange” event and perhaps a “miscommunication,” said Will, as the authority was in his reading not in regular contact with Worldcoin. Perhaps “there was a little bit of confusion, maybe not understanding properly what it means when you have notified” the authorities, said the Bavarian DPA President.

The company is now in contact and cooperating with the regulators, said Will.

The Bavarian DPA, along with French and U.K. regulators, have said they are investigating the project. Authorities in Kenya have suspended Worldcoin operations in the country – citing privacy, security and financial regulation concerns – and reportedly raided its warehouses and seized hardware. Prior to the reported raid, Worldcoin said it suspended operations due to “crowd control” issues.

At the moment, the European data authorities are investigating Worldcoin’s data flows, the pseudonymization of personal data, such as the biometric iris scans, as well as the transparency and fairness around users’ consent, said Will. Worldcoin is expected to respond to the authorities’ latest information request by September, at which point the investigation might delve deeper into its specific technology.

On data flows, Will explained that “everyone talks about iris scans,” but in Worldcoin’s documentation there is a clear distinction between the iris scan and the identification code created based on the biometric data that is stored the database. So the authority will look into whether the iris scan data is indeed deleted, as Worldcoin claims, he said.

Worldcoin’s technologies are not altogether new, but the way they combine them is, said Will. The complexity of the project is a challenge, he is confident in the regulators’ ability to conduct an assessment.

Edited by Nikhilesh De.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top