The Spanish Data Protection Agency (AEPD) has ordered Worldcoin to immediately cease the collection and use of personal data in Spain.
According to Reuters, the agency has imposed a three-month restriction period following complaints about inadequate disclosure of information, collecting data from minors, and the inability to withdraw consent for information sharing.
The AEPD cited the processing of biometric data as subject to the GDPR and presenting “high risks for human rights.”
The agency explained that these urgent measures were necessary to prevent potential harm.
The main product of Worldcoin, the World ID protocol, utilizes zero-knowledge proofs to allow individuals to authenticate themselves using biometrics or a phone number.
