Worldcoin officially launched in July, but for about a year prior the company (backed by OpenAI founder Sam Altman) was on a world tour of biometric data collection. Setting up “orbs” that capture iris scans, the company often targeted low-income areas in which any promise of a free giveaway by some sort of Silicon Valley tech firm is sure to draw a crowd. The company’s methods have raised privacy concerns around the world, however, as data subjects report being poorly informed of how their data is being handled and even of what was being done at the time. The opacity of the system has also raised questions about security, with the biometric data stored on these proprietary orbs until it is uploaded to the Worldcoin network.
The development presents a direct obstacle to Worldcoin’s grand goal, which is to be accepted as a globe-spanning identification system and perhaps to facilitate universal basic income in an assortment of nations. While the project strives to portray altruistic aims, it is off on the wrong foot with what appears to be entirely paid-for data collection that is not necessarily proceeding with an appropriate level of informed consent and security.
Opaque biometric data handling has regulators scrutinizing Worldcoin
One would expect the EU to be first in line to scrutinize Worldcoin’s adherence to General Data Protection Regulation (GDPR) terms, and the company has opened the door to this by holding its eye-scanning registration events in Germany, France and Spain among other locations. It has also set up its EU data processing headquarters in Bavaria. Most of these territories have now launched investigations into the company’s biometric data collection.
Worldcoin is facing similar challenges elsewhere. It is being investigated in Argentina, has been suspended from Kenya, and the United Kingdom’s data protection authority has said that it has begun “inquiries” into the company.
Part of all this scrutiny is due to a lack of clarity about how secure the storage for all of this biometric data is, and whether the crowds of people that lined up to have their irises scanned really gave informed consent in the eyes of the law. But there are also concerns about developing black markets. A China-based organized crime outfit has been observed making offers to buy iris scans, with the presumed purpose of executing some sort of attacks or scams on the system.
Privacy concerns trigger first wave of regulation for Worldcoin
The privacy concerns surrounding Worldcoin are nothing new. There has been a great deal of suspicion about the project’s data handling practices and security since its “registration events” rolled out a little over a year ago, with over 50% of the early wave taking place in impoverished areas that have had little to no exposure to (or likely use for) cryptocurrency.
Informed consent is among the leading privacy concerns. Prior to the official launch of Worldcoin, the company was offering a variety of money and gifts to capture iris scans; it now offers about the equivalent of $50 USD in Worldcoin at its registration events. Accounts from participants, particularly in developing countries, indicate that they only came because freebies were being offered and they did not have the project fully explained to them. These practices riled the government of Kenya, which has forbid Worldcoin from signing up any new registrants until it can conduct an investigation into its handling and use of the biometric data it has collected.