South Korea’s Personal Information Protection Commission (PIPC) has imposed a fine on Tools for Humanity, the developer behind the Worldcoin project, for violating local data privacy laws.
The commission announced that the company was fined over 1.1 billion Korean won (roughly $830,000) for allegedly mishandling personal data and breaching overseas data transfer regulations.
These violations primarily centered around the collection and transfer of sensitive biometric data, particularly iris scans, without proper consent and notification.
More Details On The Matter
The PIPC disclosed in a press release uploaded on September 26 that Worldcoin did not adequately inform users about the purpose of collecting their iris data or the period for which this information would be retained.
Additionally, before March 22, the project had not provided a Korean translation of its consent form for biometric data collection, making it difficult for users in South Korea to understand what they were agreeing to.
This led to the project’s Foundation being fined 725 million won (approximately $545,000) for its mishandling of sensitive information and the subsequent transfer of that data to foreign entities.
In addition, Tools for Humanity (TFH) faced a 379 million won (approximately $285,133) penalty for failing to comply with the local regulations governing international data transfers.
The PIPC also detailed that Worldcoin and TFH did not sufficiently disclose to users where their personal information was being transferred and failed to provide details about the recipients, such as their names and contact information, as mandated by South Korean law.
Moreover, the investigation highlighted that Worldcoin did not have an established procedure for users to request the deletion of their iris data. It was also reported that Tools for Humanity did not adequately verify the ages of signees under 14 until April 2024, raising additional concerns about data privacy.
The Catch And Worldcoin Response
Despite these shortcomings, the PIPC revealed in the press release that it has not imposed a complete ban on the collection of sensitive biometric data by Worldcoin in South Korea. The commission indicated that the project could continue its data collection activities should the aforementioned issues be resolved.
Notably, the investigation into Worldcoin and TFH by the PIPC began earlier this year, the release noted:
The Personal Information Protection Commission began an investigation in February of this year following complaints and media reports that “Worldcoin is collecting biometric information without permission in exchange for virtual assets (‘Worldcoin’).”
In response to the ruling, TFH expressed its willingness to comply and highlighted that they have since remedied the issues found by the regulators.
In a press release, the company stated that they “welcome” the PIPC’s decision and emphasized that the weaknesses identified were related to the initial disclosures provided when Worldcoin first launched in South Korea.
According to the company, the PIPC’s investigation concluded that Worldcoin’s operations, including the use of their “Orb” device for verifying user identity, are now in compliance with the country’s data protection laws.
Featured image created with DALL-E, Chart from TradingView