Worldcoin has faced bans around the world due to growing privacy fears
The rise of Worldcoin, an AI-based identity project with its own cryptocurrency, is worrying privacy advocates and regulators.
According to the project, more than 5 million people have already lined up to peer into the bowling ball-sized silver sphere and have their irises scanned.
In addition to receiving online ID verification, users will be awarded 25 WLD, worth about $115.
As of April 11, more than 10 million people have signed up for the Worldcoin app.
Sam Altman, founder of WorldCoin and CEO of OpenAI, said the project aims to create a “global financial and identity network based on physical authentication”, which is essential in an era where artificial intelligence is commonplace.
However, since its inception, Altman's initiative has received strong backlash from influential privacy advocates, including American whistleblower Edward Snowden.
The project has received warm support from the crypto community and its use of blockchain technology.
Vahan P. Roth, member of the executive board at Swissgram AG, said WorldCoin “clearly goes against the central ethos of cryptocurrencies – the basic principles of identity and decentralization on which Bitcoin and its peers are based.”
On top of that, regulators in various countries have begun banning the project altogether, fearing that this collection of biometric data could pose a significant threat to privacy.
Is Worldcoin's biometric data collection a real threat to privacy, or do people really understand the company's goals?
Biometric data is the holy grail of personal data.
Data breaches and the sale of stolen data online are already a fact of life.
However, an online biometric data record is more worrisome because of its sensitive and highly personal nature.
For Rory Mir, associate director of community organizing at the Electronic Frontier Foundation (EFF) – a non-profit organization that protects civil rights in the digital world – the security of biometric data is critical because it is “mostly immutable and difficult to hide.
“You only have one body, so when this information is collected and used to track you, you have little choice.”
Mir emphasized that any collection of biometric data “requires very strict safeguards centered on the express consent of the surveyed, if not prohibited at all.”
“It's not clear that the WorldCoin contractors collecting these scans will ever come close to consistently clearing this bar for due diligence,” he said.
Privacy regulators are banning Worldcoin worldwide.
Regulators have begun banning Worldcoin amid these privacy concerns.
In 2023, regulators in India, South Korea, Kenya, Germany and Brazil began investigating the company's data collection practices.
Recently, regulators are taking more drastic measures.
In the year March 18, 2024 Spain becomes the first country to ban WorldCoin from collecting biometric data.
Latest: SEC's ETF ruling means ETH and ‘many' other tokens are not securities.
In the year On May 22, Hong Kong decided to suspend all Worldcoin operations in the region, saying it was unfair for Worldcoin to retain sensitive biometric data for up to 10 years for AI model training.
The Spanish Data Protection Agency (AEPD) told Cointelegraph that the case against Worldcoin is based on several reports from Spanish citizens.
Orb's data collectors “gave insufficient data, collected from minors and even failed to allow consent cancellation,” he said.
Worldcoin filed a request for a ban, but the National Court (Audiencia Nacional) rejected the appeal, “The subject's right to the protection of personal data prevails over the special interest of the appellant company, which is essentially economic in content.”
Christophe Schmon, director of international policy at AFF, told Cointelegraph that the EU regulation is a “one-stop shop for cross-border data protection enforcement”.
Schmon explained that this type of enforcement would result in a central governing authority that would work with other national authorities in the EU to determine the final fate of Worldcoin activities.
Schmon pointed out that the main authority of Worldcoin will be Germany, since the European headquarters is located in that country.
Although Germany may get the final say, the AEPD told Cointelegraph that Article 66.1 of the General Data Protection Regulation, which Worldcoin complies with, allows other EU national regulators to take action.
Other national regulators can bring enforcement cases in “exceptional circumstances” if a supervisory authority finds it necessary to “intervene urgently” to protect the rights and freedoms of individuals.
He mentioned that the EIA is actively cooperating with its European counterparts regarding the banning of WorldCoin in Portugal and a possible ban in Italy.
“Regulators can use a number of international cooperation mechanisms” to address the activities of international active bodies, such as the International Privacy Summit or inter-governmental discussions, Shimon said.
How can Worldcoin prove its goodwill?
For its part, WorldCoin has responded to regulatory pressure and begun offering greater transparency and security to reassure users and government watchdogs.
Four days after Spain's ban, Worldcoin made its Orb software open source.
In addition, World App users can implement a privacy feature called “Privacy Protection” to keep their data private. The company says that once the encrypted data is sent from Orbi to the Individual World app, “there is no unencrypted copy of this data anywhere.”
WorldCoin has passed a third-party audit that assessed no direct vulnerability to end-to-end encrypted messaging by Orb software.
It also opens up secure multi-party computing for use in the biometric data system.
The company also says users can securely delete their old Iris codes.
“Opening up their software and implementing features like privacy protection and the ability to reveal your identity seem like steps in the right direction,” Sascha Drobnjak, head of legal and compliance at the Blockchain Computing Project, told Cointelegraph.
Mir noted how open source code allows “independent researchers to test technical claims.”
Lasha Antaze, founder of RariLabs – which is building the privacy-first zero-knowledge social protocol – told Cointelegraph:
“To remove further restrictions and extend confidence in their product, [Worldcoin’s] The main focus should be on empowering the user.
Antaze said WorldCoin should focus on improving mechanisms that allow users to grant, deny or withdraw consent and control their data, including “clear options to opt-out or opt-out of the service.”
Recent developments from Worldcoin seem to be a step in this direction. As these efforts escalate, they may convince regulators to lift their current bans and avoid additional cases.
However, many people may find it hard to swallow the idea of a private entity collecting their biometric data en masse.
Worldcoin must address the concerns of regulators and users to ensure that the product is secure and ensures privacy.
While much of the problem is with Worldcoin, Antaze said regulators also “need to step up their game” because, in his opinion, they often “don't understand the technology or can't create mechanisms to effectively monitor these technologies.”
Regulators' lack of technology knowledge “leads to blanket bans based on misinformation, and everyone loses as a result.”
Recently: Ripple is taking ‘cheap shots' on Tether, according to Samson Mou
WorldCoin did not answer all of Cointelegraph's questions, but highlighted that “the open-source human verification process and the technology used to verify individuals is new, complex, and not easily understood.”
The project added: “We are happy to participate in discussions to increase awareness and dispel common misconceptions.”
The controversy surrounding Worldcoin seems to be related to the previous lack of transparency and trust in the technology. WorldCoin has a lot of ground to cover in informing, proving and convincing the public and regulators that its protocol is private, secure and useful.