OpenAI CEO Sam Altman’s latest venture, Worldcoin, has caught the attention of European data protection authorities even as it begins its global rollout this week. The ambitious project aims to verify the authenticity of human users by scanning their eyeballs in exchange for crypto tokens. However, the use of biometric data and the complex governance structure have raised significant privacy concerns, leading regulators in Europe to take action.
The Quest to Prove Humanness on the Internet
Worldcoin is a generative AI company that seeks to blur the lines between human and bot-generated digital activity. Its popular ChatGPT tool is a testament to its mission. To make this distinction even harder, Worldcoin is encouraging individuals to prove their humanness through biometric scans using its proprietary orbs, promising them digital tokens in return.
In Europe, pop-up locations have emerged in the U.K., France, Germany, and Spain, offering users the chance to exchange their biometric data for Worldcoin’s digital tokens. However, the rapid expansion has not gone unnoticed by data protection authorities in these countries.
Privacy Concerns and Investigations
The U.K.’s Information Commissioner’s Office (ICO) responded to Worldcoin’s launch by stating that organizations should conduct a Data Protection Impact Assessment (DPIA) before processing sensitive biometric data. France’s data protection authority, CNIL, has taken it a step further and openly questioned the legality of Worldcoin’s data collection practices. The French authority has already initiated an investigation into the matter.
The European General Data Protection Regulation (GDPR) defines biometric data for identification purposes as “special category data” and imposes stringent rules for its lawful processing. Worldcoin claims to rely on users’ consent for processing their biometric data under GDPR. However, obtaining explicit consent for such data processing presents a challenge when users are presented with lengthy legal documents while being incentivized with crypto rewards.
A Complex Governance Structure
Worldcoin’s decentralized cryptocurrency project further complicates the matter of data processing and legal responsibility. While Tools For Humanity led Worldcoin’s development and operates the World App, they couldn’t provide a clear answer on whether Worldcoin is a for-profit or not-for-profit entity. Worldcoin Foundation and Worldcoin Protocol, both involved entities, claim to be non-profit, adding further confusion to the project’s structure.
The Road Ahead
European privacy watchdogs are taking these privacy concerns seriously, and while Worldcoin asserts compliance with applicable laws, regulators will closely scrutinize its operations. The investigations will determine if the data processing aligns with GDPR requirements, especially regarding data deletion rights and obtaining explicit consent.
As Worldcoin’s global rollout continues, the company faces the challenge of navigating privacy regulations and gaining user trust, especially in regions with strict data protection laws. Whether or not the project can meet the high standards of GDPR will be closely monitored by both users and regulators.
