Portugal’s National Data Protection Commission (CNPD) has taken a firm stance against Worldcoin, imposing a ban on the collection of biometric data for a period of three months. The decision comes as a result of several concerning factors raised by the CNPD, including the lack of age verification mechanisms for members and the collection of data from minors without parental consent.
One of the key reasons behind the ban is the alleged violation of the General Data Protection Regulation (GDPR) by Worldcoin. The CNPD pointed out that there were insufficient provisions for users to manage their data, including the inability to delete data or revoke consent. This lack of transparency and control over personal information goes against the principles outlined in the GDPR, which specifically addresses the protection of biometric data and minors’ rights.
In response to the ban, Worldcoin has denied any wrongdoing and emphasized its commitment to compliance with all relevant laws and regulations. The Worldcoin Foundation’s data protection officer, Jannick Preiwisch, stated that the company does not allow minors to register through the ORB platform. Preiwisch also highlighted Worldcoin’s introduction of a user-controlled Personal Custody model, aimed at giving users greater control over their data.
Paula Meira Lourenço, President of the CNPD, justified the ban as an “indispensable and justified measure” to protect the rights of the public and minors. She emphasized the urgency of the intervention, citing multiple violations of GDPR standards by Worldcoin. The CNPD’s decisive action reflects its commitment to upholding data protection laws and ensuring the privacy and security of individuals’ personal information.
The ban on biometric data collection in Portugal is not an isolated incident for Worldcoin, as Spain imposed a similar three-month ban earlier in March. This series of actions by European authorities raises serious concerns about Worldcoin’s data collection practices and compliance with data protection regulations. As Worldcoin addresses these allegations and works to improve its data management processes, its reputation and credibility may be significantly affected in the eyes of users and regulatory bodies.
The ban on biometric data collection by Worldcoin in Portugal underscores the importance of compliance with data protection laws and regulations. It serves as a reminder to companies operating in the digital space to prioritize transparency, user consent, and data security to avoid facing legal consequences and reputational damage.