Back to the Blog Main Page
22/05/24
270
Hong Kong’s Privacy Commissioner Orders Worldcoin to Stop Operations
On May 22, the Office of the Privacy Commissioner for Personal Data (PCPD), Hong Kong, issued a media statement noting that the operation of the Worldcoin project in Hong Kong is against the Personal Data (Privacy) Ordinance (PDPO).
Hence, the authorities have issued an enforcement notice to the Worldcoin Foundation, directing it to stop operating the Worldcoin project in Hong Kong, including scanning and collecting iris and face images of members of the public using iris scanning devices.
The PCPD started investigating the Worldcoin project five months ago based on concerns that its operations in Hong Kong may pose critical risks to personal data privacy. The investigations were aimed at determining whether the operation is against the requirements of the PDPO.
Ten covert visits were carried out between December 2023 and January 2024 at six premises used for the Worldcoin project. After two rounds of inquiries and completion of the investigation, it was discovered that they have scanned the faces and irises of 8,302 individuals for verification in Hong Kong.
“The investigation findings revealed that participants of the Worldcoin project needed to allow the relevant organisation collect their face and iris images through iris scanning to verify their humanness and generate iris codes, thereby obtaining a registered identity (namely, World ID; Worldcoin called it a digital passport), after which the participants would be able to receive Worldcoin tokens, a cryptocurrency, at regular intervals for free,” reads the statement.
The authorities concluded that the face and iris images collected by the Worldcoin project were excessive and not necessary, contravening the requirements of DPP. Participants were not informed about the potential risks associated with their disclosure of biometric data, nor did they answer their questions.
Worldcoin wants to retain personal data for up to ten years to train AI models for the user verification process, but the period is considered too long and prolonged retention of personal data.
Promotions
