[ad_1]
A German subsidiary involved in Sam Altman’s controversial digital identity business, Worldcoin, has reportedly filed a legal challenge against a suspension order issued by the Spanish Data Protection Authority.
Earlier this week, it emerged that the Spanish authority, AEPD, had instructed Worldcoin to temporarily stop scanning people’s eyeballs or continue processing data already collected from people on the market.
As we reported on Wednesday, the AEPD announced an Article 66 “urgent action” against Worldcoin under the European Union’s General Data Protection Regulation (GDPR), saying it was acting after receiving a number of complaints. The issues of concern I mentioned include the level of information Worldcoin provides about processing; Collect data from minors; How can withdrawal of consent not be permitted? She also stressed the sensitive nature of the biometric data in question, which she said entailed “high risks to people’s rights.”
While Worldcoin’s operating company, Tools for Humanity, is considered a “key institution” in Germany, allowing it to benefit from simplified regulatory oversight through the GDPR’s one-stop-shop mechanism – with the Bavarian DPA (also known as BayLDA) taking a lead role. . Complaints Oversight and Investigation Authority – The regulations contain powers allowing any other air protection authority to issue temporary orders, lasting for up to three months, if they believe there is an “urgent need” to act to protect the rights of local residents.
These orders apply only in the Authority’s own market, and not at EU level. So the AEPD’s temporary ban on Worldcoin only applies in Spain.
Although the GDPR stipulates urgent interventions by non-leading data protection authorities, Worldcoin is defying the AEPD order.
This development was first reported in the German press. Worldcoin spokeswoman Rebecca Hahn emailed a link to the report she published SchwäbischSaying she wanted to bring the matter to TechCrunch’s attention. It also sent a statement (below), attributed to Worldcoin, in which Tools for Humanity claims that its eyeball scanning business is “fully compliant” with all EU laws relating to biometrics, data transfer, data processing, and data protection. The statement also accuses AEPD of circumventing “accepted EU process and rules” – which it claims has left it with “little resources” but to bring a claim.
Here’s Worldcoin’s statement in full:
Worldcoin fully complies with all laws and regulations governing biometric data collection and data transfer, including Europe’s General Data Protection Regulation (“GDPR”). As such, we have been in consistent and ongoing dialogue with our leading data privacy authority in the EU, BayLDA, for several months. We are disappointed that the Spanish regulator circumvented accepted EU procedures and rules, which leaves us no choice but to file a claim.
Hahn did not respond to questions seeking more details about the legal arguments Tools for Humanity intends to make against the AEPD order. Nor to confirm whether Worldcoin and its operators in Spain have complied with the local order to stop scanning and processing people’s data from the market.
AEPD was contacted for comment on the Worldcoin challenge – but had not responded at press time.
According to a Schwebisch report, Worldcoin was “largely developed” in Erlangen in Bavaria, Germany. German computer scientist Alex Plania (pictured above) is one of the founders of Tools for Humanity, along with OpenAI’s Altmann. Plania profile on LinkedIn He lists him as a resident of San Francisco.
At the time of writing this report, it was Worldcoin.org website It still lists five “pop-up” locations in Spain (three in Barcelona, one in Madrid, and one in Malaga) where it says people can go and have their eyeballs examined by one of Worldcoin-owned orbs. However, on Wednesday, Worldcoin listed 29 locations across the country where people can go and get their biometrics for a few cryptocurrency tokens. Which suggests that it may be in the process of closing its market sweeps.
One of the controversial things about this business is obtaining people’s sensitive biometrics in exchange for a payment method. Worldcoin claims that users consent to the processing of their data for this purpose. But in the EU, the GDPR requires consent to be free – and the financial incentive creates a clear incentive that may mean people are unable to consent freely as the law understands it.
Other GDPR-related concerns about Worldcoin include the transparency and fairness of processing; Issues relating to the rights of data subjects, such as the right to erasure of personal data; risks to minors; And questions about data transfers and security.
BayLDA’s investigation into whether Worldcoin complies with GDPR, which began last year, is still ongoing. But the authority told us yesterday that it expects to send a draft decision with its findings to other European data protection authorities for review “very soon”.
Under the GDPR, other authorities with concerns about cross-border processing may raise objections to the draft decision if they do not agree with the lead authority’s findings. If this happens, disputes over decisions will be resolved either by a majority vote, or if the DPAs remain divided, the European Data Protection Board gets a casting vote. This means that although the regulation allows oversight of entities like Worldcoin to be led by a single authority, it is designed to ensure that other relevant authorities remain involved in decisions that affect users in their respective markets.
In Catalonia, the autonomous community in Spain where Worldcoin currently lists the highest number of eyeball-scanning popups (three), As the local press reported recently The regional government has responded to concerns about the company’s biometric scans by publishing a statement condition Contains advice and warnings from the Catalan Data Protection Authority.
The article warns against “particularly sensitive personal data” collected via iris scans; the risks of harm resulting from misuse of this data; It raises specific concerns about collecting children’s data without obtaining the necessary consent from a parent or guardian.
The article also notes that “several” EU authorities are currently investigating whether Worldcoin complies with the General Data Protection Regulation.
[ad_2]
Source link
