A German subsidiary involved in Sam Altman's controversial crypto blockchain digital identity business WorldCoin has filed a legal challenge to a cease and desist order from Spain's data protection authority, it was reported on Friday.
Earlier this week, it was revealed that Spanish regulator AEPD had instructed WorldCoin to temporarily stop scanning people's eyeballs and further processing data already collected from people in the market.
As reported on Wednesday, AEPD announced an Article 66 “emergency procedure” against WorldCoin under the European Union's General Data Protection Regulation (GDPR), saying it was acting after receiving a large number of complaints. Concerns raised by the group include the level of information WorldCoin provides regarding processing. Collection of Data from Minors. And how is consent not allowed to be withdrawn? It also stressed that the sensitivity of the biometric data involved poses “high risks to people's rights.”
Worldcoin's operator, Tools for Humanity, is considered a “major company” in Germany, with the Bavarian DPA (also known as BayLDA) playing a leading role and streamlined regulatory oversight through the GDPR's one-stop-shop mechanism. You can use it. Supervision and complaint investigation powers – The regulations include the ability for other DPAs to issue interim orders for up to three months if they determine there is an “urgent need” to act to protect the rights of local residents. Contains permissions to allow.
Such orders would only apply to the authorities' own markets, not the EU as a whole. Therefore, AEPD's temporary ban on World Coin only applies to Spain.
Despite the GDPR providing for emergency intervention by a non-primary DPA, World Coin is challenging the AEPD order.
This development was first reported in the German press. Worldcoin spokesperson Rebecca Hahn emailed a link to the report published by Schwäbisch, hoping to get TechCrunch's attention. She also sent a statement (below) attributed to Worldcoin, in which her Tools for Humanity says its eye-scanning business complies with all EU laws regarding biometrics, data transfer, data processing, and data protection. It claims to be fully compliant. The statement also accuses AEPD of circumventing “accepted EU processes and rules” and claims it is left with “little recourse” but to file a lawsuit.
Worldcoin's full statement is below:
Worldcoin is fully compliant with all laws and regulations governing biometric data collection and data transfer, including the European General Data Protection Regulation (“GDPR”). For this reason, we have been in consistent and ongoing dialogue with BayLDA, the EU's chief data privacy authority, for several months. We are disappointed that the Spanish regulator has circumvented her EU-recognized processes and rules, leaving us with little recourse but to take legal action.
Hahn did not respond to questions seeking details about the legal claims Tools for Humanity plans to make against AEPD's order. He also did not confirm whether Spain's WorldCoin and its operators had complied with local orders to stop scanning and processing people's data from the market.
AEPD did not respond to a request for comment on the WorldCoin challenge at the time of writing.
According to Schwäbisch's report, WorldCoin was “largely developed” in Erlangen, Bavaria, Germany. Along with OpenAI's Altmann, it names German computer scientist Alex Branier (pictured above) as a co-founder of Tools for Humanity. Brania's LinkedIn profile states that he is based in San Francisco.
As of this writing, the Worldcoin.org website still lists five “pop-up” locations in Spain: three in Barcelona, one in Madrid, and one in Malaga. It says that people can have their eyeballs scanned there for one of the World Coins. Unique orb. But on Wednesday, WorldCoin's site listed 29 locations across the country where people can obtain biometric authentication in exchange for a few crypto tokens. This suggests that the company may be suspending its scanning operations in the market.
One of the controversies surrounding this business is that it captures people's sensitive biometrics in exchange for payment methods. WorldCoin claims that users consent to their data being processed for that purpose. But in the EU, the GDPR requires free consent, and financial incentives create clear incentives that could mean people are not able to consent freely as the law is understood.
Other GDPR concerns regarding Worldcoin include transparency and fairness of processing. Issues surrounding the rights of data subjects, such as the right to have personal data deleted. Risk to Minors. Questions about data transfer and security.
BayLDA’s investigation into whether Worldcoin is GDPR compliant began last year and is still ongoing. But yesterday, the agency told us it has sent a draft decision containing its findings to other European data protection authorities for review, and will consider it “in the near future.”
Under the GDPR, other authorities with concerns about cross-border processing may appeal the draft decision if they disagree with the lead authority's findings. In that case, disputes regarding the decision will be resolved by majority vote, or, if the DPA remains split, the European Data Protection Board will take a deciding vote. This means that even though regulations allow entities like WorldCoin to be led by a single authority, other relevant authorities remain involved in decisions that affect users of their respective markets. This means that it is designed to guarantee that
In Spain's Catalonia region, where WorldCoin currently lists the most pop-ups for eye scans (3), the local government has responded to concerns about the company's biometric scanning operations with an article containing advice and warnings. A local newspaper recently reported that the government responded by doing so. From the Catalonia Data Protection Agency.
The article warns that “particularly sensitive personal data” is collected through iris scans. risk of harm from misuse of such data; and raises specific concerns about children's data being collected without the necessary consent of their parents or guardians.
The article also states that “multiple” EU authorities are currently investigating whether Worldcoin is GDPR compliant.