Connect with us

World News

Worldcoin’s official launch triggers swift privacy scrutiny in Europe on July 28, 2023 at 5:42 pm



Worldcoin, OpenAI CEO Sam Altman’s bid to sew up the market for verifying humanness by convincing enough mobile meatsacks to have their eyeballs scanned in exchanged for crypto tokens (yes, really), only started its official global rollout this week but it’s already landed on the radar of European data protection authorities.

Why should anyone feel the need to prove their humanness on the Internet? Well one reason is that by unleashing free power tools like ChatGPT Altman’s generative AI company is leading the charge to make it harder to distinguish between bot-generated and human digital activity. But don’t worry, he’s got an eyeball-scanning orb-plus-crypto-token to sell humanity on for that!

Pop-up locations where willing guinea pigs (i.e. humans) can get some Worldcoin “digital tokens” in exchange for feeding their biometric data into its proprietary Half Life-esque orbs have sprung up in four markets in Europe so far: The U.K., France, Germany and Spain. And, surprising precisely no-one, privacy regulators in at least three of those markets are already expressing concerns and/or actively investigating WTF Worldcoin is doing with European’s sensitive personal data.


Earlier this week the U.K.’s Information Commission Office (ICO) was asked about Worldcoin launching in the U.K. and said publicly it would be “making enquiries”, before issuing some boilerplate warning that: “Organisations must conduct a Data Protection Impact Assessment (DPIA) before starting any processing that is likely to result in high risk, such as processing special category biometric data. Where they identify high risks that they cannot mitigate, they must consult the ICO.”

The ICO’s remarks also emphasized the need for “a clear lawful basis to process personal data”, adding: “Where they are relying on consent, this needs to be freely given and capable of being withdrawn without detriment”.

One privacy compliance question to consider, then, is can consent be freely given if people are being encouraged to hand over their biometrics in exchange for a token which is being presented as a form of virtual currency?

Fast forward a few days and France’s data protection authority, the CNIL, has followed the ICO’s remarks with even more specific expressions of concern, as first reported by Reuters — out-and-out questioning the legality of what Worldcoin is doing. The French authority also revealed it’s already been actively investigating Worldcoin.


“The legality of [Worldcoin’s data] collection seems questionable, as do the conditions for storing biometric data,” a CNIL spokesperson confirmed by email, adding: “Worldcoin collected data in France, and the CNIL initiated investigations.”

Per the CNIL, the investigation it started has been passed to Bavaria’s DPA — after it found the German state authority was Worldcoin’s lead data supervisor in the EU (owing, presumably, to Worldcoin having a subsidiary in the German state). It added that it is providing support to Bavaria’s probe “under the mutual assistance procedure” in EU law.

The bloc’s General Data Protection Regulation (GDPR) — a pan-EU law which is still baked into legacy U.K. data protection rules (hence the ICO sharing the same sort of concerns as EU peers) — contains a mechanism called the One-Stop-Shop that’s intended to streamline regulatory oversight in instances where concerns cut across Member State borders, as here. Or at least when the data processor in question has a main establishment in the EU, as Worldcoin apparently does.

In this scenario the data controller only needs to liaise with a single lead DPA. And in Worldcoin’s case that’s apparently the state of Bavaria’s DPA.


We contacted the Bavarian authority with questions about the investigation. But a spokesperson told us that because it’s an ongoing procedure it’s unable to go into details. (They did confirm one of the first aspects it will look at, out of a range of “many” questions, is the obligation to carry out a data protection impact assessment — which they said “should provide a clear analysis of the impact of the envisaged processing operations on the protection of personal data and the safeguards in place to address these risks”.)

We’ve also reached out to Spain’s DPA to ask if it shares its peers concerns about Worldcoin’s data processing in that EU market and will update this report with any response.

On the legality point, the GDPR classes biometric data that’s used for the purpose of identification — which is exactly what the Worldcoin project intends — as so-called “special category data”. This type of (very sensitive) data has the strictest rules for legal processing.

A spokeswoman for Tools For Humanity, the for-profit technology company that led the development of Worldcoin and operates the World App, confirmed to TechCrunch that consent is the lawful basis being claimed for processing Europeans biometrics data. “Under GDPR, the project relies on the users’ consent for creating the proof of personhood and for opting into data custody,” she told us.


She also pointed us to Worldcoin’s biometric data consent form and privacy notice — documents that run to almost 3,800 words and almost 3,400 words, respectively.

Since Worldcoin is relying on people’s consent to process their special category data, under EU law it must meet an even higher bar — of explicit consent — in order for this processing to be lawful. This means the description shown to, er, eyeball providers before their biometrics are harvested must be extremely clear and specific about what the processing is for. And let’s just say that achieving the highest bar for clarity when you’re presenting individuals with circa 7,000 words of legalese while simultaneously telling them they’ll get a bunch of crypto if they do the scan looks challenging to say the least. (NB: Consent under EU law must also be freely given.)

Even the governance structure of Worldcoin, a decentralized cryptocurrency project, looks hella complicated for people to even understand who they’re giving their data to.

Asked whether Worldcoin is a for-profit or not-for-profit entity the spokeswoman for Tools For Humanity (which is the entity that has so far responded to queries we’ve directed to Worldcoin’s press email) could not provide a straight answer — because there simply isn’t one. Worldcoin’s organizational structure and decentralized governance does not lend itself to a simple yes or not. But she did confirm that Tools for Humanity (and its German subsidiary), aka the Worldcoin developer, is a for-profit tech company.


The other (main) involved entities are the Worldcoin Foundation and the Worldcoin Protocol, which she suggested are not for-profit entities. A disclosure on Worldcoin’s website states: “The Worldcoin Foundation is an exempted limited guarantee foundation company, which is a type of non-profit, incorporated in the Cayman Islands.” So, er, it’s a “type” of non-profit then with for-profit subsidiaries? (For the lolz we asked ChatGPT what an “exempted limited guarantee foundation company” is and OpenAI’s chatbot responded by telling us that, as of its data training cut-off data in September 2021, “there is no widely recognized legal structure or term known [as that]”.)

Then there’s the question of who is actually processing the data — and thus legally responsible for not breaching EU data protection law? Worldcoin’s biometric consent form appears to list the Cayman Islands-based Worldcoin Foundation as the data controller of “your images and biometric data collected through our Orb”.

We asked Tools for Humanity’s spokeswoman to confirm this and she stipulated that the data controller “now” is the Worldcoin Foundation, with Tools For Humanity being a data processor for Worldcoin. (Albeit, the fact Bavaria’s DPA is leading the investigation into the project suggests Tools for Humanity’s German subsidiary plays a significant role in processing people’s data.)

Another question and potential red flag vis-a-vis GDPR compliance pops up if you eyeball the summary section of the Worldcoin biometric data consent form — which contains a bolded warning that people who “sign-up with an Orb” (i.e. have their biometric data harvested) won’t be able to have their personal data deleted after this step. (“[W]e will create a unique Iris Code (as defined below) that cannot be deleted anymore (if we were to delete it, the proof of uniqueness would not work),” Worldcoin writes.)


Thing is, the GDPR gives Europeans a suite of data access rights over their personal data, including the right to ask for it to be deleted. Saying that deletions aren’t possible isn’t going to cut it. The regulation also broadly defines personal data, as information that could identify a natural person (including when combined with other data), so trying to claim the “unique Iris Code” derived from the biometric scan isn’t personal data to avoid the need to comply with deletion requests seems unlikely to fly with regulators.

All in all, it’s easy to see why European privacy watchdogs have so quickly mobilized to express and act on concerns. Although it remains to be seen how fast regulators might move to enforcement if concerns are stood up.

Asked about the DPAs’ activity, Tools For Humanity’s spokeswoman claimed the Worldcoin project complies with all applicable laws (albeit, in some US states that means residents are outright barred from being scanned owing to local laws limiting biometric data processing. “You cannot provide your biometric information at the Orb if you are a resident of the state of Illinois, Texas, or Washington or the cities of Portland, Oregon or Baltimore, Maryland,” notes Worldcoin’s consent form).

She also confirmed that Worldcoin has undertaken a data protection impact assessment — which she described as having been “rigorously” conducted.


In further remarks emailed to us today after we asked for Worldcoin’s response to the Bavarian DPA’s investigation, the Tools For Humanity spokeswoman added:

Worldcoin was designed to protect individual privacy and has built a robust privacy program. The Worldcoin Foundation complies with all laws and regulations governing the processing of personal data in the markets where Worldcoin is available, including the General Data Protection Regulation (“GDPR”). In the European Union, the project is under the supervision of the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutz). The project will continue to cooperate with governing bodies on requests for more information about its privacy and data protection practices. We are committed to working with our partners across Europe to ensure that the Worldcoin project meets regulatory requirements and provides a safe, secure, and transparent service for verified humans.

Sam Altman’s Worldcoin eyeball-scanning crypto project launches


​ Worldcoin, OpenAI CEO Sam Altman’s bid to sew up the market for verifying humanness by convincing enough mobile meatsacks to have their eyeballs scanned in exchanged for crypto tokens (yes, really), only started its official global rollout this week but it’s already landed on the radar of European data protection authorities. Why should anyone feel 

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


TikTok Sues US Gov’t



TikTok is suing the US government to stop the enforcement of a bill that seeks to force the app’s Chinese owner to sell the app or face a ban. The lawsuit argues that the bill violates constitutional protections of free speech and is an “unprecedented violation” of the First Amendment.

Visit of Shou Zi Chew, CEO of TikTok, to the European Commission


  • The bill, the Protecting Americans from Foreign Adversary Controlled Applications Act, was passed last month.
  • The lawsuit was filed in the US Circuit Court of Appeals for Washington, DC.
  • TikTok argues that the bill is a permanent, nationwide ban on a single speech platform and restricts free speech without sufficient reason.

Consulting Firm for your Brand and Film

Government Response

  • The Department of Justice has not commented on the lawsuit.
  • A White House spokesperson directed a request for comment to the Justice Department.
  • John Moolenaar, chairman of the House Select Committee on the Chinese Communist Party, stated that TikTok poses a grave risk to national security and the American people.

Legal Proceedings

  • The lawsuit is expected to add to an already lengthy timeline for a potential ban or sale of the app.
  • ByteDance, TikTok’s Chinese owner, already had over a year to make a move, and legal proceedings will pause the timeline, meaning it could be years before a ban goes into effect.

TikTok’s Efforts

  • TikTok has made efforts to assure the public and US officials that it takes data security seriously.
  • In 2022, the company started “Project Texas,” a move meant to provide data security and transparency around the information the app collects about US users.


  • The lawsuit states that Congress has not offered any evidence suggesting that TikTok poses data security risks or foreign propaganda spread that could justify the law.
  • TikTok claims the law violates the right to due process under the Fifth Amendment and is an unconstitutional bill of attainder.

Continue Reading


Universal Music Group & TikTok Partner in New Licensing Agreement



In a monumental move, Universal Music Group (UMG) and TikTok have announced a pioneering licensing agreement that will transform the music landscape. This historic deal unites UMG’s vast music catalog with TikTok’s massive user base, unlocking unprecedented opportunities for artists, songwriters, and fans worldwide.

Visit of Shou Zi Chew, CEO of TikTok, to the European Commission

A New Era for Music Consumption and Monetization

The agreement marks a significant milestone in the UMG-TikTok relationship, allowing users to once again create videos featuring music from global superstars and emerging talent. The deal also paves the way for innovative monetization opportunities, with TikTok investing in artist-centric tools and campaigns to support UMG artists across genres and territories globally.
A Shared Commitment to Valuing Music and Creativity
Sir Lucian Grainge, Chairman and CEO of UMG, and Shou Chew, CEO of TikTok, hailed the agreement as a “new chapter” in their partnership, built on a shared commitment to promoting the value of music, human artistry, and the welfare of the creative community.

Sir Lucian Grainge, Chairman and CEO of UMG on the left of the photo.

Addressing Generative AI Concerns
The deal also tackles concerns around generative AI, with TikTok committing to work with UMG to ensure that AI development in the music industry protects human creativity and the economics that flow to artists and songwriters.
Deeper Connections and Responsible AI Development
Ole Obermann, TikTok’s Global Head of Music Business Development, emphasized that the agreement will “create deeper connections between artists, creators, and fans” and ensure that AI tools are developed responsibly to enable a new era of musical creativity and fan engagement.
Transformational Partnerships and Advancements
Michael Nash, Chief Digital Officer and EVP of UMG, welcomed the renewed relationship with TikTok, citing the potential for “transformational partnerships” and “significant advancements” in commercial and marketing opportunities, as well as protections for UMG’s industry-leading roster.
A Win for the Music Industry
This groundbreakingagreement is a major victory for the music industry, which has long sought to strike a balance between promoting artistic creativity and protecting the rights of artists and songwriters in the digital age. With UMG and TikTok working together, the possibilities for innovation and growth are endless, and fans can look forward to enjoying music from their favorite artists in new and exciting ways.
Thanks for reading! If you’re interested in reaching an engaged audience and growing your brand, consider advertising with Bolanle Media. Our platform offers a range of opportunities to connect with our readers and promote your products or services. Contact us at to learn more about our advertising options and how we can help you achieve your marketing goals.

Continue Reading


House of Lords to Host Nigerian Innovators



Clean Cyclers, alongside Sustainability Unscripted and other sustainability partners, is gearing up to host the 3rd Edition of the Global Sustainability Summit in the United Kingdom. Scheduled for March 28 – 29, 2024, at the prestigious House of Lords in the Palace of Westminster, the summit aims to raise awareness, promote collaboration across disciplines, tackle global challenges with local solutions, and advocate for social equity.

Canon Otto, the organizer and founder of Clean Cyclers, emphasized the summit’s commitment to inclusivity, prioritizing climate action, environmental stewardship, and identifying policy pathways for sustainable development. Under the theme “Advancing Sustainability, a Journey Towards a Greener Future,” the summit will gather leading visionaries, experts, innovators, and change-makers from global corporations, organizations, and government agencies to brainstorm strategies for adopting the 2030 Sustainable Development Goals.

Sustainability Businessman Otton Canon

The summit will feature panel sessions addressing urgent topics such as climate action, circular economy, renewable energy revolution, sustainable cities, biodiversity conservation, green finance, sustainable agriculture, and climate justice. Additionally, it will recognize and celebrate companies, governments, organizations, and individuals demonstrating commitment to sustainability through practical initiatives and the realization of short-term objectives and long-term goals.

In a statement, the organizers highlighted the broad spectrum of sustainability practices, policies, and innovations aimed at mitigating climate change, conserving biodiversity, protecting natural resources, and promoting social equity. The theme “Advancing Sustainability” underscores the need for a shift from short-term exploitative approaches to long-term regenerative ones, reflecting humanity’s ability to learn, adapt, and innovate.


The summit aims to foster knowledge exchange, collaboration, and actionable solutions over two days of physical gathering at the House of Parliament in London. Participants will explore diverse perspectives, share knowledge, and work together to shape strategies that drive meaningful change and accelerate progress towards a sustainable future.

Continue Reading


    Your Cart
    Your cart is emptyReturn to Shop