Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
It took a little longer than the first few weeks to arrive, but a very important secret decision that hangs on Sam Altman’s World (and Worldcoin) for many months has arrived, through the decision at the end of December from the Bavarian data protection authority that implements the General Data Protection Regulation (GDPR), a privacy policy that allows penalties that can reach 4% of the annual turnover worldwide. .
Although the decision regarding the investigation that was opened in April 2023 only – finally – to come out before the holiday break of 2024, the result does not seem to be what the crypto eye research company was expecting: it was given to fix the requirement to delete all of the users on request.
“All users who provide ‘Worldcoin’ with their iris data in the future will have an unlimited opportunity to prove that they have the right to erasure,” said the Bavarian State Office for Data Protection Supervision, Michael Will. press release.
Biometric biometrics has been given one month from the date on which the Bavarian authorities have decided to implement an erasure system “which complies with the provisions of the GDPR” – so mark your calendars for the beginning of 2025.
Another part of the Bavarian plan requires Worldcoin to obtain a prior authorization for what the press (inexplicably) describes as “future regulatory alternatives”.
We have asked for more information but this shows that the world should give users more information about the EU before that. They were also ordered to remove “certain documents that were previously collected without sufficient basis”, according to the statement.
In addition to our questions about the mandate, we have asked the Bavarian authorities why no sanctions have been imposed for what appear to be GDPR violations and we will update this report with any response.
The country has responded to the order by saying it will appeal.
Ask falsely
Why does the need to allow users to request that their data be deleted, a right enshrined in European law as part of the GDPR for the right to personal data, seem like a scam to the World(money)? The problem with the blockchain project of human proof is that it is creating immutable and unique IDs to verify identity. So if a person can change all his writings from his books just by asking it is a challenge to his desire to be the world’s master in convincing people.
A spokeswoman for Tools for Humanity (TfH), Rebecca Hahn – who does comms for the organization that creates Worldcoin – said her grounds for appeal will focus on claims that the global infrastructure is “confidential” and prevents user data from being identified.
This means that the GDPR’s data access rights (such as the ability to request erasure) should not be used, as anonymous data falls outside the scope of the law.
In response to why the World is hesitant to allow users to remove information, Damien Kieran, head of privacy at TfH, also told TechCrunch: “Our goal is to increase trust in digital processes. To do this, we created the world’s first digital passport to verify identity. This means that a person can anonymously verify that they are a real person on a platform like X (which is. Kieran’s former employer) solving problems as bots only once.
“The key to this is to ensure that if an anonymous person abuses the platform’s policies and stops it, that person cannot remove their global ID, create a new one and return to X to present themselves as a new person. So that we can achieve our goals of increasing trust in the internet in the smart age , we had to make sure we did it in a way that didn’t mention the content, meaning it couldn’t be removed, and made sure that bad actors couldn’t abuse the internet.”
Kieran added that international ID holders “can remove their personal information from their phone”.
However account information is not where this GDPR battle is focused. It is about information that can be used to identify an individual.
Earlier this year the World launched an open source secure Multi-Party Computation system that it said “They allow iris codes to be stored as private parts and distributed to the public” – without the need for the codes to be stored for verification.
The idea is that this technology changes iris codes through subsequent processing, including encryption and decryption, in a way that prevents privacy risks.
As part of these changes Worldcoin has also introduced a feature allowing users to request that their iris codes be removed. However the amount of control it provides to users has – apparently – been assessed as not meeting the GDPR standard which requires people to control their personal data.
And it’s important to emphasize that GDPR doesn’t just set rules to protect people’s privacy; The policy also aims to ensure that people can be independent of the information they have. It is that last thing that brings great difficulties to the world’s work of proving humanity because it does not help at the level of independence.
Fundamental Rights
The Bavarian DPA said that Worldcoin’s personal verification process includes “several data protection risks for many data subjects”. And despite what the authorities say about the “changes” made in data processing, it is emphasized that “changes are still needed”.
The officials added that their long-term investigation focused on the need for “complete erasure after the withdrawal of consent”; and “consensus review and approval process”.
“With today’s decision, we are setting European standards of justice in favor of technology victims in the most difficult and complex cases,” said Will.
The international appeal against the Bavarian regulatory system does not address the crux data access issue.
Instead it wants to frame the issue as a technical question, how European law should define anonymous data. The reason blog post about the design process begins with the line “The global ID is not known by design.” But trying to encourage people in Europe to have fewer rights may not be popular in the region.
Worldcoin has already seen its wings clipped around the region. To insist on actions from other data protection authorities – including Portugal and Spain – saw it as an emergency that shut down its eye scanners in their markets. The two DPAs raised concerns about the risks of children’s data being potentially deleted.
At the same time, Worldcoin – or World as it was recently renamed – has opened ops in Austria.
