Facing bans or investigations by multiple countries, can Worldcoin still maintain high growth?

Can Worldcoin maintain high growth despite facing bans or investigations from multiple countries?

The data privacy issue of Orb is attracting attention from multiple countries.

According to the official website, Worldcoin currently has over 2.2 million World IDs generated through the Orb iris information collector, with Orb business expanding to more than 35 cities in over 20 countries worldwide. Especially after its issuance, the number of registered World IDs doubled in growth rate.

However, the rapid growth of the World APP has also drawn the attention of regulatory authorities in various countries.

On August 2nd, Kenya, the country with the highest utilization rate of Orb, announced the suspension of further collection of iris information for the project. As the first country to explicitly halt Orb business, Kenya is sounding the alarm for many other countries. So far, Germany, the United Kingdom, France, and other countries have also launched investigations into Worldcoin:

1. The Kenyan government has suspended Worldcoin-related activities;

2. The German financial regulatory authority Bafin is investigating Worldcoin;

3. The French privacy regulatory authority: the legality of Worldcoin “seems doubtful” and is assisting the authorities in Bavaria, Germany in their investigation;

4. Reuters: The UK data regulatory authority will conduct further investigations into Worldcoin.

Obviously, there is a certain clash between the collection of biometric data and existing data protection regulations. As a “decentralized” and borderless blockchain project, it is difficult to apply the data collected by Worldcoin to the laws and regulations of a single region in terms of storage, ownership, circulation, and use.

In this regard, Odaily Daily Planet has found relevant regulations in some major adopting countries/regions:

1. Kenya: Kenya’s definition of biometric technology is mainly based on its “Data Protection Act 2019” and “Identification and Registration Act 2019” and other laws and regulations. According to these laws, an individual’s biometric data is considered sensitive personal data and can only be collected and used with explicit consent and legitimate purposes.

2. European Union: The European Union restricts the collection and use of biometric data through the General Data Protection Regulation (GDPR). According to the GDPR, individuals must give explicit consent for their biometric data to be collected and used, and have the right to access, rectify, erase, and restrict the processing of their biometric data. In addition, the GDPR requires data processors to take appropriate technical and organizational measures to ensure the security and privacy of biometric data.

3. United Kingdom: According to the UK’s “Data Protection Act 2018” and “Human Rights Act,” an individual’s biometric data is considered sensitive data and is subject to special protection. When using biometric technology, it is necessary to comply with applicable data protection principles and legal requirements, including explicit consent, legitimate purposes, and transparency, etc.

4. China: China has enacted laws such as the “Personal Information Protection Law” and the “Data Security Law” to protect personal data privacy and data security, including biometric data.

5. Singapore: Singapore’s Personal Data Protection Act establishes the protection of biometric data. The law requires data processors to adhere to specific data protection principles, such as clear purpose limitation, reasonable use, and security protection.

Among them, the European Union’s General Data Protection Regulation (GDPR) has a higher level of legal effect.

Therefore, Worldcoin explicitly states in the biometric consent form disclosed on its official website:

“We comply with the principles of GDPR regarding privacy matters. If the data privacy laws of your country do not reach the level of protection provided by GDPR, we will still process your data in accordance with GDPR (protection specifications).”

Specifically, in Section 3.6 of the “Biometric Consent Form,” Worldcoin provides detailed explanations of the guidelines followed and risk mitigation measures taken in different regions during the collection and transfer of data. In summary, “We will not profit from users’ biometric data through buying, selling, renting, or any other means.”

We also discovered a detail in the “Consent Form” – although Worldcoin claims that the iris information collected by Orb will be deleted at the same time as generating the World ID to ensure privacy is not leaked, the relevant data is not only stored locally but also transferred to companies in the United States or the European Union for model training. The risk control plan provided by Worldcoin is that the relevant data is encrypted unidirectionally, generating digital codes, and will not directly transmit images.

From a technical perspective, Vitalik discussed privacy and security issues related to iris collection in “What do I think about biometric proof of personhood?” and expressed:

1. Users’ phones may be hacked, and users may be forced to scan their irises when displaying their public keys. There is also the possibility of using 3D printing technology to create “dummy people” who can scan irises and obtain others’ World ID.

2. The iris scanning register may leak information, at least it may be used to check whether one has a World ID, and iris scanning may also reveal more information. Privacy protection measures need to be considered when implementing such technology to prevent unauthorized access and protect users’ privacy.

Looking at the positive aspect, Worldcoin, which aims to become the human ID in the AI era, has indeed attracted the attention of governments around the world with this radical approach. Perhaps this is an opportunity to push various regions to discuss more widely accepted personal data protection standards. At the same time, from the perspective within the industry, Orb has opened a new “real” traffic window for the Web3 world.

On the other hand, in terms of practical implementation, it is not realistic to allow a company to control global identity data. The single point of technological and moral risk involved is significant. Moreover, as the foundation for implementing “universal basic income,” Orb’s uniform 25 WLD “iris data acquisition price” will naturally encounter resistance from developed regions that value “data sovereignty.”