Hong Kong rules that Worldcoin WLD violates privacy laws, orders it to cease collecting iris scans of Hong Kong citizens.


Investigation Results Released: Privacy Commissioner Rules Worldcoin Violated Laws

The Office of the Privacy Commissioner for Personal Data in Hong Kong announced on 5/28 its finding that the operation of the Worldcoin WLD project in Hong Kong violated the Personal Data (Privacy) Ordinance. The investigation was initiated in January 2024.

Hong Kong Privacy Commissioner investigates Worldcoin for collecting iris data in breach of privacy laws

Secret Operations by the Privacy Commissioner's Office

From December 2023 to January 2024, the Privacy Commissioner's Office conducted 10 secret investigation operations at six Worldcoin operating points in Hong Kong. On January 31, 2024, the Commissioner's Office obtained a court order to conduct thorough investigations at six operating points in Yau Ma Tei, Kwun Tong, Wan Chai, Cyberport, Central, and Causeway Bay. After two rounds of questioning, the investigation was concluded.

Violation Findings: Iris Scans and Data Collection

The investigation revealed that individuals participating in Worldcoin needed to undergo iris scans for identity verification, generate iris codes to obtain the World ID digital passport, and regularly receive the cryptocurrency WLD. During its operation in Hong Kong, Worldcoin conducted facial and iris scans on a total of 8,302 individuals.

Ruling: Multiple Privacy Law Violations

Privacy Commissioner Ada Chung ruled that Worldcoin's operation violated several data protection principles listed in Schedule 1 of the Privacy Ordinance:

  • The collection of facial and iris images was deemed unnecessary and excessive.
  • Worldcoin unfairly collected personal data: documents lacked Chinese versions, operating point staff failed to fully explain or confirm participants' understanding of document contents, and participants were not informed of risks or given answers to their queries.
  • Participants were not clearly informed of the purposes of data collection, whether data provision was voluntary, who the data transfer recipients were, or the statutory information on their rights to access and correct data.
  • Worldcoin retained personal data for up to 10 years for training artificial intelligence models for identity verification processes, which was considered excessive data retention.
  • Policies and practices for handling personal data lacked transparency: the absence of a Chinese version of the Privacy Statement made it difficult for participants whose native language is Chinese to understand the relevant policies and terms.
  • Participants were unable to exercise their rights to access and correct personal data.

The Privacy Commissioner has issued a compliance notice to Worldcoin, requiring it to cease the use of iris scanning devices to collect citizens' iris and facial images in Hong Kong.

Spain issues a three-month ban on Worldcoin, and South Korea initiates an investigation: action will be taken if found in violation of the law.