Worldcoin, a crypto project backed by Sam Altman, has been investigated by the Office of the Privacy Commissioner in Hong Kong for potential privacy risks. The project uses iris verification to distribute its tokens, which may violate the Privacy Ordinance and expose sensitive biometric data.
According to a translated version of a statement released by the privacy watchdog, the Sam Altman-backed Worldcoin “involves serious personal data privacy risks.” The investigation was based on a court request and was conducted at six locations on Wednesday, January 23, 2024.
The main concern of the investigation revolved around the iris verification offered by Worldcoin. As noted by Privacy Commissioner Chung Liling, iris data is a subset of biometric data. In general, biometric information is considered sensitive personal data since it is distinct, unchangeable, and unique.
Any individual or entity that collects, retains, processes, or uses personal data in Hong Kong is subject to the Privacy Ordinance’s rules as well as applicable data protection standards. The Privacy Ordinance requires data users to obtain consent from data subjects, ensure data accuracy and security, and limit data retention and use.
Worldcoin had previously faced regulator scrutiny over the same iris biometric in other countries. Due to this regulatory concern, it had ceased providing its Orb-verification service in France, Brazil, and India. The project claimed that it was working with local authorities to comply with the relevant laws and regulations.
Worldcoin’s co-founder and CEO, Alexander Blum, defended the project’s privacy and security measures, stating that the iris data was encrypted and anonymized and that the Orb device did not store any data. He also said that the project was transparent and open-source and that users could opt out of the service at any time.
However, some critics and experts have raised doubts and questions about the project’s privacy and security claims, as well as its ethical and social implications. They have pointed out the risks of data breaches, identity theft, fraud, and coercion, as well as the potential for discrimination and exclusion of certain groups of people.
Hong Kong Increases Its Scrutiny Over Privacy and Data Protection
The investigation comes at a time when Hong Kong is increasing its scrutiny over privacy and data protection, amid a rise in data breaches and cyberattacks.
As per local media reports, Hong Kong saw a 50% increase in reported hacking and breach instances in the previous year, with roughly one-third of those cases involving public sector organizations.
Such an increase in data breaches has led to the administration doubling down on scrutiny and checks. Reuters previously reported that Hong Kong will begin promoting new security measures, stating that the city “cannot afford to wait”.
In November 2022 and November 2023, cyberattacks affected over 73% of Hong Kong enterprises, according to a report released last year by the Hong Kong Productivity Council and Privacy Office. In the wake of the ascending number of data breaches and privacy concerns, the country’s administration is on a run to tackle the situation with strict laws.
