Worldcoin, the cryptocurrency project that since July last year has collected images of the irises of some 400,000 Spaniards, will take legal action, it claims, against the Spanish Data Protection Agency (AEPD). This body has prohibited Worldcoin from continuing to collect biometric data from its users for the next three months and has required it to block this information until further notice.
The company based in San Francisco and Berlin and owned by Sam Altman, the person most responsible for the development of ChatGPT, considers that the AEPD’s precautionary measure contravenes European regulations and is, therefore, illegal. At the moment, the company does not specify what legal measures it is considering implementing against the AEPD.
“Worldcoin fully complies with all laws and regulations governing the collection and transfer of biometric data, including the EU General Data Protection Regulation (GDPR),” says a company spokesperson, adding that they have been in discussions with the Bavarian Data Protection Authority (BayLDA). That German state is where Tools for Humanity, the company that is collecting and storing high-definition images of Worldcoin users’ irises, is hosted.
“Our legal and technical investigation is advancing,” BayLDA sources tell this newspaper. “As the lead authority, we have already analyzed a large number of documents and have also carried out on-site checks which should allow us to present the procedure to our European colleagues with a final evaluation very soon. This will also include evaluations on the topics that our Spanish colleagues sent us,” they point out.
Worldcoin uses so-called Orbs to collect biometric data. These are metal spheres the size of an indoor soccer ball that photograph the irises of those interested and give them access to the Worldcoin digital currency. Since the exchange value of the cryptocurrency rose two weeks ago, placing the 13 Worldcoin coins released after the iris scan at around 80 euros, the queues around the already 30 stands that Worldcoin has located in shopping centers have not diminished .
In order to use an Orb, users must download an application on their mobile phone and receive a QR code. The iris photo acts as “proof of humanity” (the system ensures that the request is made by a person and not a machine). The image is also associated with the QR code, after which the application transforms into a passport called World ID, the wallet where the Worldcoins are stored. According to Altman, the passport and the wallet that it promotes will be key to managing financially, and perhaps to collecting a universal income, in a future dominated by artificial intelligence.
“The precautionary measure of the Spanish authority violates the requirements of the GDPR and is illegal. This situation could have been avoided if the AEPD had followed the well-established legal process applicable throughout Europe,” says Tim Yurl, a data privacy lawyer and partner at Latham & Watkins, the law firm that is advising Worldcoin in Europe. “We were disappointed that the Spanish regulator circumvented the process and rules accepted in the EU, which leaves us with no other recourse than to file a lawsuit,” they point out from Worldcoin.
Under the GDPR, only the data protection authority of the country in which a company operating in the EU is headquartered is competent to hold it to account. “The AEPD itself recognized on Wednesday, when it said that the European headquarters of Worldcoin is in Bavaria, that the Spanish authority is not the competent one: in any case it will be the German one or the EU itself,” explains Borja Adsuara, consultant and expert in digital right.
From the AEPD, however, they argue that article 66.1 of the RGPD establishes that, in exceptional circumstances, when an interested supervisory authority (in this case the AEPD) considers it urgent to intervene to protect the rights and freedoms of people, it may adopt provisional measures with legal effects in its territory for a maximum of three months. The adoption of precautionary measures would thus be justified “to avoid potentially irreparable damage.”