3 weeks ago
South Korea’s Personal Information Protection Commission (PIPC) imposed a corporate good of KRW 1.14 cardinal ($861,408) connected Worldcoin and its affiliate Tools for Humanity (TFH) for failures related to disclosure requirements, according to a Sept. 25 property release.
The regulator said the companies violated the country’s Personal Information Protection Act (PIPA) by not disclosing the intent of collecting iris data.
According to the decision, Worldcoin is required to wage a good of astir $550,000 (KRW 725 million), portion TFH owes astir $287,000 (KRW 379 million). The PIPC besides issued corrective orders and betterment recommendations to the 2 firms.
Worldcoin Foundation was recovered blameworthy of violating PIPA provisions related to handling of delicate accusation and overseas transfers. Meanwhile, TFH violated its obligations related to overseas transfers of biometric information.
Multiple violations
In February, the PIPC started probing Worldcoin and TFH based connected accusation from complaints and media reports, which alleged that Worldcoin was “collecting biometric accusation without support successful speech for virtual assets (‘Worldcoin’).”
The investigations revealed that the 2 firms had violated respective aspects of the PIPA by collecting idiosyncratic information, similar iris data, “without a ineligible basis.”
Under PIPA, fixed the sensitivity of the biometric information, the 2 firms were required to get consent separately and instrumentality information measures for processing specified data. However, the firms violated the provisions of the law.
Additionally, the regulator said the firms did not pass users of the “purpose of postulation and use” and were not transparent astir the data’s “retention and usage period,” arsenic stipulated by PIPA.
Furthermore, the firms transferred this biometric information to countries similar Germany without fulfilling the transparency obligations imposed by the law, which includes disclosing wherever the information is being sent and details of the receiving company.
The regulator has imposed caller requirements connected the companies, some of which are present required to get abstracted consent erstwhile processing iris accusation and guarantee that specified accusation is lone utilized for the intent of postulation and thing further. They are besides required to notify users of applicable accusation erstwhile transferring iris information overseas.
The probe besides revealed that Worldcoin had not provided an enactment for users to delete oregon suspend the processing of their iris codes, which is required by law. Worldcoin aboriginal amended this by adding a delete relation successful April.
Additionally, WorldApp did not person due property verification procedures successful spot for children nether 14, and TFH has been ordered to instrumentality the due measures arsenic portion of the corrective orders.
The PIPC noted:
“…in bid for idiosyncratic accusation to beryllium safely protected and utilized, consciousness and compliance with the obligations and responsibilities of processors (business operators) nether the extortion laws are much powerfully required than ever.”
The station South Korea levies $860K good connected Worldcoin for compliance failures related to information collection appeared archetypal connected CryptoSlate.
English (US) 