South Korea’s Personal Information Protection Commission has fined Tools for Humanity, the company behind Worldcoin, over $830,000 for violating local privacy laws. The decision comes after a thorough investigation into how the company handled personal data. This hefty fine highlights the strict data protection regulations in South Korea and raises questions about how global companies manage user privacy. Let’s dive into what led to this penalty and what it means for Worldcoin and data privacy standards worldwide.
South Korea Imposes Fine on Worldcoin for Breaching Personal Data Protection Laws
South Korea’s personal data watchdog has fined the Worldcoin Foundation and its affiliate, Tools for Humanity (TFH), 1.1 billion Korean won (approximately $829,000) for breaching the nation’s personal information protection laws.
During a plenary session on September 25, the Personal Information Protection Commission (PIPC) announced the penalty, stating that the company violated the Personal Information Protection Act (PIPA).
In addition to the financial penalty, the regulator issued corrective measures and recommendations for improvement to the Worldcoin Foundation.
The PIPC launched an investigation in February following reports that the company might have been collecting biometric data in exchange for cryptocurrency.
Regulator Finds Worldcoin in Breach of Data Protection Laws Over Biometric Data Collection
Following its investigation, South Korea’s privacy regulator found that the Worldcoin Foundation and Tools for Humanity (TFH) collected biometric data, including iris scans from South Koreans, without a lawful basis for processing.
According to the Personal Information Protection Commission (PIPC), nearly 100,000 South Koreans downloaded the Worldcoin app, with around 30,000 users utilizing iris authentication. However, the company was found in violation of the Personal Information Protection Act (PIPA) by not meeting its legal obligations.
The PIPC noted that when Worldcoin collected users' biometric data, it failed to clearly communicate the purpose for collecting it or the length of time the data would be stored. Additionally, the company did not inform users that their data would be transferred overseas.
South Korean law requires that companies disclose where personal data is sent, along with the names and contact information of those receiving it. The PIPC also criticized Worldcoin for not establishing proper processes to request and manage the deletion of sensitive information.
Moreover, the regulator found that TFH lacked an adequate age verification system to prevent children under 14 from signing up for the app.