The South Korean Personal Information Protection Commission has fined Worldcoin Foundation and Tools for Humanity Corporation (TFH).
The fines total 1.104 billion won (approximately US$790,000) for violations of the Personal Information Protection Act.
Worldcoin, a cryptocurrency project developed by Tools for Humanity (TFH), which was founded by Sam Altman, aims to promote digital identification through iris scanning technology.
The commission found that the companies collected and transferred sensitive iris data from South Korean users without obtaining proper consent or providing adequate notification.
Approximately 93,463 people in South Korea downloaded the World App, and 29,991 of them used iris authentication as of 6 September 2024.
Additionally, the Worldcoin Foundation failed to establish a method for users to request the deletion of their iris data, and TFH lacked sufficient age verification procedures for minors.
The investigation, prompted by complaints and media reports, alleged that Worldcoin was collecting biometric information in exchange for cryptocurrency without proper authorisation.
Worldcoin maintained that its iris code technology could only confirm duplicate registrations and not identify specific individuals, thus classifying it as anonymous information.
The company also highlighted its use of advanced security measures in processing iris data.
However, the commission determined that the iris code constituted sensitive biometric information and its collection and processing required explicit user consent, which was not obtained.
As a result, the Personal Information Protection Commission imposed fines of 725 million won on the Worldcoin Foundation and 379 million won on TFH.
The companies were also issued corrective orders to strengthen consent procedures, ensure data is used only for its intended purpose, and guarantee user data deletion upon request.
Additionally, they were mandated to implement age verification procedures and improve notification practices for overseas data transfers.
This case comes as similar privacy concerns have been raised in other regions.
In Hong Kong, the Worldcoin project was found to have breached local privacy laws in May of this year.
Authorities flagged issues related to the collection and use of biometric data without proper safeguards, particularly the lack of transparency in how data was collected, stored, and handled.
Hong Kong’s Privacy Commissioner also noted that the project failed to explain how sensitive biometric data would be protected, further violating privacy regulations in the region.
Featured image credit: Edited from Pexels