UPDATE: Kenya’s interior minister Kithure Kindik on Wednesday halted all activities of Worldcoin while the government investigates potential risks to public safety. Local media reports say over 350,000 Kenyans had signed-up to Worldcoin by Tuesday.
Regulators in the UK, France and Germany are investigating Worldcoin, the cryptocurrency project founded by OpenAI’s Sam Altman, over potential privacy breaches. Meanwhile, in Kenya, the project is being rocked by allegations of fraud – and privacy too.
Launched on July 24, Worldcoin promises people free money in exchange for a scan of their irises. It built a device called Orb, which it uses to scan eyeballs and capture unique biometric identifiers. The goal is to create a digital World ID that separates humans from AI.
Worldcoin set up several sign-up sites in 34 countries where people can get their irises scanned. In Europe, the company is collecting biometric data in the UK, France, Spain and Germany. So far, Worldcoin has scanned the irises of over 2.16 million users globally.
Also read: Worldcoin: OpenAI’s Sam Altman Launches Controversial Crypto Project
Worldcoin transparency questioned
According to reports from Reuters and TechCrunch, privacy watchdogs in three of the European countries are looking into the legality of Worldcoin’s biometric data collection practices and the security of processing and storing the same data.
“The legality of [Worldcoin’s data] collection seems questionable, as do the conditions for storing biometric data,” said the French data protection agency Commission Nationale Informatique and Libertés (CNIL).
“Worldcoin collected data in France, and the CNIL initiated investigations,” it added.
In the European Union, the crypto project is overseen by the Bavarian State Office for Data Protection Supervision in Germany. The French regulator transferred the investigation to the Bavarian authority, which is now carrying on with the inquiry with the help of CNIL.
The joint-investigation is being done “under the mutual assistance procedure” as provided for in the EU’s powerful General Data Protection Regulation (GDPR).
Per the TechCrunch report, the law includes a mechanism called the One-Stop-Shop, which is designed to simplify regulatory oversight in cases where data protection concerns cross national borders. This is the case with ChatGPT-founder Sam Altman’s Worldcoin.
The Worldcoin project was created to help build an identity & financial network connecting billions of people in the Age of AI. pic.twitter.com/7XbwCHkt2P
— Worldcoin (@worldcoin) July 29, 2023
Data protection impact assessment
A Bavarian authority spokesperson said the agency will undertake an impact assessment, which “should provide a clear analysis of the impact of the envisaged processing operations on the protection of personal data and the safeguards in place to address these risks.”
“[The Worldcoin investigation is] intended to clarify questions regarding the transparency and security of data processing,” the spokesperson told TechCrunch.
“This includes whether data subjects are provided with sufficient information to give them a clear understanding of the processing of their data and the purposes pursued with it.”
It will also look at whether people’s rights, such as the one to delete their data or object to its processing, are protected. The Bavarian regulator will examine whether Worldcoin is taking enough steps to protect the data from unauthorized access like identity theft.
In Britain, data agency the Information Commission Office (ICO) said recently that it is “making enquiries” about Worldcoin’s operations in the country, emphasizing the need for “a clear lawful basis to process personal data.”
“Organizations must conduct a data protection impact assessment before starting any processing that is likely to result in high risk, such as processing special category biometric data. Where they identify high risks that they cannot mitigate, they must consult the ICO,” it said.
The regulator stressed that “where [Worldcoin] is relying on consent, this needs to be freely given and capable of being withdrawn without detriment.”
Worldcoin denies allegations
The Worldcoin Foundation, the non-profit behind Worldcoin, told Reuters that the project was “designed to protect individual privacy and has built a robust privacy program.”
The Foundation said it “complies with all laws and regulations governing the processing of personal data in the markets where Worldcoin is available.”
“The project will continue to cooperate with governing bodies on requests for more information about its privacy and data protection practices,” it added.
Trouble in Kenya
Meanwhile, in the East African country of Kenya, Worldcoin is being rocked by allegations of fraud as well as privacy, Quartz reports.
New users are being targeted by fraudsters offering to buy their Worldcoin tokens (WLD) for cash – but at a lower valuation than their actual worth. Kenyans who got their irises scanned received around 25 WLD tokens valued at about $60.
But because many new users have limited knowledge on how Worldcoin operates, they’ve sold their crypto rewards to scammers for a song, as low as $7, the report said, quoting an unnamed Worldcoin agent from Nairobi.
Kenya’s data protection commissioner Emmaculate Kassait warned people against having Worldcoin collect their biometric data without proper consent and explanation.
“Failure to do so not only puts individuals’ privacy at risk but also exposes an organization to legal and reputational consequences,” she said in a July 28 press release.
STATEMENT: @ODPC_KE Calls for Vigilance from the Public as It Engages WorldCoin on Compliance with Data Protection Act, 2019. pic.twitter.com/xoY7uOqcNG
— OFFICE OF THE DATA PROTECTION COMMISSIONER (@ODPC_KE) July 28, 2023
As of writing, Worldcoin’s WLD token is up 5% at $2.42, according to CoinGecko. The project has so far issued nearly 15.5 million WLD tokens valued at more than $37.47 million.
and then