Portugal’s data regulator, the Comissão Nacional de Proteção de Dados (CNPD), has imposed a 90-day suspension on Worldcoin’s biometric data collection activities in the country, citing complaints about the unauthorized collection of data from minors, inadequate communications regarding their iris-scanning Orb program offering crypto tokens in exchange for biometrics, and other risks to personal digital rights.
In a release, the CNPD says the “urgent provisional measure” is in response to a notable spike in activity by the firm, with the number of locations hosting an Orb device for biometric data capture almost doubling in six months. Furthermore, says the regulator, “there is no mechanism for verifying the age of members.”
…
Reuters reports the CNPD suspension applies to the Worldcoin Foundation – “a Cayman Islands entity described on its website as ‘memberless’, having no owners or shareholders.” It is intended to be temporary while the data regulator does due diligence in following up on complaints. But observers of the Worldcoin story might find themselves likening it to a game of Whac-A-Mole, as the company pops up in country after country, only to find itself facing the regulatory hammer.
Portugal joins Kenya, Spain, Germany, France, India, Brazil, Argentina, South Korea and Hong Kong in raising regulatory eyebrows at Worldcoin, which is owned by Tools for Humanity, a venture of Open AI creator Sam Altman.
I am absolutely baffled how this project wasn’t instantly shut down the moment it was announced.
Aside from the fact there’s no evidence any form of service will be provided, the whole thing seems like a giant breach of data waiting to happen. Nothing about this is ethical, nor a good idea.
Same goes for all of these crypto driven projects, they all follow the same pyramid scheme scam formula where the only one actually benefitting from it all is the creator of the project. Yet they all publish these buzzword filled whitepapers stating how they’re going to change the world.
When it comes to potentially sensitive information (which is especially true for any identifying information), the first rule of security is that everything is need-to-know only. You don’t need my biometric information in order to legally identify me, therefore you are not collecting my data.
It’s baffling to me that there’s little public pushback on it but I can see that what it collects could be quite useful for surveillance capitalism and the military industrial complex.