The Hong Kong Privacy Commissioner’s Office (PCPD) announced Wednesday that the cryptocurrency project Worldcoin has violated the city’s Personal Data (Privacy) Ordinance (PDPO). The ruling comes after an investigation into Worldcoin’s collection of sensitive biometric data, including face and iris scans, revealed multiple violations.
Worldcoin, which uses biometric data for user verification, came under scrutiny earlier this year. The PCPD’s investigation found that Worldcoin failed to adequately inform users about the collection of their personal data and did not obtain informed consent. According to the PCPD, 8,302 individuals in Hong Kong had their faces and irises scanned in exchange for Worldcoin (WLD) tokens distributed at regular intervals.
The PCPD’s statement highlighted that Worldcoin contravened several Data Protection Principles (DPPs) in the PDPO, particularly those related to data collection, retention, transparency, and users’ rights to data access and correction. Additionally, Worldcoin retained user data for longer than necessary and failed to provide a Chinese translation of its privacy policy, violating PDPO language requirements.
As a result, the PCPD has issued an enforcement notice to the Worldcoin Foundation, mandating the cessation of all operations involving the scanning and collection of biometric data in Hong Kong. This decision marks a significant action by Hong Kong authorities to uphold data privacy standards and protect individuals’ personal information.