Recently, Portugal’s National Data Protection Commission (CNPD) made a bold move by announcing a ban on Worldcoin from collecting biometric data for a period of three months. The CNPD cited various reasons for this decision, including allegations that Worldcoin lacks a mechanism to verify the age of its members. Moreover, the commission pointed out that Worldcoin has been collecting data from minors without obtaining parental consent. These actions raised serious concerns regarding the protection of minors’ rights and compliance with the General Data Protection Regulation (GDPR).
Aside from issues related to minors, the CNPD also highlighted other potential violations of GDPR standards by Worldcoin. One major concern was the lack of transparency in providing information to users, making it difficult for individuals to delete their data or withdraw their consent. The CNPD stressed that the GDPR includes specific provisions for safeguarding biometric data and the rights of minors, making it imperative to take urgent action against Worldcoin. President Paula Meira Lourenço justified the ban as a necessary step to uphold the rights of the public, especially minors who may be at risk due to inadequate data protection measures.
In response to the ban, Worldcoin denied any wrongdoing and asserted its compliance with all laws and regulations in the areas where it operates. The company’s data protection officer, Jannick Preiwisch, emphasized that Worldcoin has a strict policy against allowing minors to register through its platform. Preiwisch claimed that Worldcoin had not been previously notified by the CNPD about the issues raised. Moreover, the company highlighted its recent introduction of a user-controlled Personal Custody model, aimed at giving users greater autonomy over their data. This move was accompanied by the release of Orb software under an open-source license on March 22, signaling Worldcoin’s commitment to enhancing data protection measures.
Spain also took a similar stance by imposing a suspension of Worldcoin’s data collection activities for three months, echoing Portugal’s concerns about the company’s practices. The simultaneous actions by both countries underscore the international scrutiny faced by Worldcoin and the growing importance of complying with data protection regulations. As the investigations unfold and the outcomes are awaited, Worldcoin will need to address the allegations raised by regulatory authorities and reassure users about the safety and privacy of their data. The repercussions of these controversies could have far-reaching implications for Worldcoin’s reputation and future operations in the data collection industry.