German regulator orders Worldcoin to delete users’ biometric data

BayLDA has concluded that the company’s actions violate the GDPR. Any data collected without a legal basis must be deleted. In addition, World is now required to obtain explicit consent from users for key stages of data processing.

“Our requirement is aimed at ensuring compliance with European standards for the protection of personal data. Anyone who has provided their biometric data should have the right to have it deleted unconditionally,” said Michael Will, CEO of BayLDA.

World disagrees with the regulator’s decision and intends to appeal it. In an official statement, the company said that BayLDA's comments concern outdated technologies and methods that were upgraded in 2024. According to the company, the updated data storage system ensures that all information is stored only on users' devices, and not in World's systems or with third-party companies.

World also emphasized that it has implemented anonymous multi-party computing (AMPC) technology, which eliminates the storage of retinal data. Neither the company nor third parties can determine the identity of the owner of the World ID, which, according to the company, makes the regulator's accusations unfounded.

At the same time, Worldcoin is reviewing its priorities in the market. According to the head of the European division, Fabian Bodensteiner, the company is no longer focused on Europe and will focus on the markets of Asia and Latin America. However, problems continue to haunt the project: in April, the authorities of Buenos Aires also revealed violations in its activities.