KEY POINTS
- Worldcoin cited a Trail of Bits assessment that found its Orb doesn’t store user’s personal data
- Spain said earlier this month that it received “several complaints” about Worldcoin “infringements”
- Worldcoin previously said Spain’s AEPD was spreading misleading information about the crypto project
Sam Altman-backed biometric crypto project Worldcoin on Thursday reiterated that its Orbs don’t store people’s personal data, citing a third-party assessment that found the custom biometric imaging devices only collect a user’s “iris code.”
In the assessment report by technical security firm Trail of Bits, it was noted that Worldcoin’s Orb doesn’t extract any sensitive information from a user’s device. “The only information the orb collects from a user’s phone is in the QR code,” as per the report.
Worldcoin noted the security firm’s findings in a Thursday blog, reiterating that the project is “founded on a commitment to privacy and security.” Furthermore, it cited the findings that said a user’s “iris code,” or the numeric representation of a user’s iris texture, “is not written to persistent storage on the Orb.”
The crypto project’s blog was published days after the Spanish Data Protection Agency (AEPD) ordered a precautionary measure against Tools for Humanity Corporation, Worldcoin’s developer. “The AEPD has received several complaints [about the company] denouncing insufficient information, collection of data from minors and preventing the withdrawal of consent, among other infringements,” the agency said.
Worldcoin is now barred for a maximum of three months from “continuing to process personal data in Spain” under the temporary prohibition of activity. Such a measure is taken when a government agency deems intervention is “urgent” when the rights and freedoms of the public may have been violated.
The AEPD went on to defend its decision, saying a lack of such measures “would deprive individuals of the protection to which they are entitled to,” adding that the move was justifiable as it could prevent “potentially irreparable damage.”
Following the temporary ban, Jannick Preiwisch, data protection officer at the Worldcoin Foundation, said the crypto project had been engaging with respective authorities for several months and its efforts to provide an “accurate view” of the project have “gone unanswered for months.”
Preiwisch said the AEPD was spreading misleading and inaccurate claims about Worldcoin’s technology, but the project was still thankful to finally have the opportunity to provide “important facts” about just how essential and lawful its technology is.
This is not the first time Worldcoin was scrutinized for alleged data privacy breaches. Its business model has also been questioned, considering how the project offers its iris scanning technology in exchange for cryptocurrency.
Regulators in the United Kingdom, Germany, Argentina and France have said they will investigate the project to determine how Worldcoin uses sensitive biometric data. The biggest move was made by Kenya, which suspended Worldcoin from operating in the country until experts thoroughly assess the risks the project poses to the Kenyan public.