What Personal Data Does Worldcoin Collect From You?

Worldcoin, the new cryptocurrency project by Sam Altman, the owner of US generative Artificial Intelligence (AI) company OpenAI, has generated significant excitement on the internet in the past seven days. The global launch of the project saw over 350,000 Kenyans registering by scanning their eyeballs through an orb to obtain a digital identity called World ID. This process granted them 25 free cryptocurrency tokens known as WLD, which are currently valued at Ksh.8,256, with one token trading at Ksh.344.90.

Despite concerns about data security and privacy both internationally and locally, Kenyans enthusiastically flocked to registration centers in Nairobi, such as shopping malls, to get their irises scanned and receive the free tokens. However, the government decided to halt all activities associated with the cryptocurrency project due to data security concerns.

OpenAI, the company behind Worldcoin, maintains that user data is secure within the crypto project and provides the option for users to delete or store their data in encrypted form.

Regarding data collection, Worldcoin does not retrieve personal data, such as name, phone number, and address, from users when they download the World App. The only data collected is images of the iris, which are used to generate a unique iris code. These images are immediately deleted by default, except when the user chooses to opt into Data Custody. In such cases, the probability and frequency of the user needing to reverify their World ID decrease as the iris code algorithms change. Worldcoin clarifies that the sign-up process is solely intended to verify an individual’s uniqueness, not to collect personal information.

Worldcoin ensures the security of any personal data shared with them by encrypting it both during transmission and storage. The Worldcoin Foundation and its contributor, Tools for Humanity, promise not to share any personal data, including biometric data, with anyone not involved in the Worldcoin project. They also do not sell user data. Additionally, Worldcoin explicitly obtains consent from users before collecting any biometric data.

The government of Kenya has engaged with Worldcoin through the Office of the Data Protection Commissioner to discuss the data safety implications of their operations in the country. However, the government suspended the project to conduct a thorough investigation into its authenticity and legality.

In Europe, the project has also drawn attention from regulatory bodies. The United Kingdom’s Information Commission Office and France’s privacy watchdog CNIL expressed interest in Worldcoin’s operations and raised questions about the legality of its biometric data collection, given the General Data Protection Regulation (GDPR) regulations in EU member states.

In conclusion, Worldcoin’s launch in Kenya has garnered significant interest, but data security and privacy concerns have led to government investigations both in Kenya and Europe. The company claims to prioritize data security and allows users to control their data, but authorities are carefully assessing the project’s compliance with data protection regulations.