Maria Inês Costa (PhD Candidate at the School of Law of the University of Minho. FCT research scholarship holder – UI/BD/154522/2023)
▪
In Portugal, more than 300,000 people have already “sold” their iris scan to Worldcoin Foundation, which in return offers them cryptocurrency. In March 2024, the Portuguese data protection authority (hereinafter, the CNPD) decided to suspend the company’s collection of iris and facial biometric data for 90 days in order to protect the right to the protection of personal data, especially of minors, following in the footsteps of Spain, which also temporarily banned the company’s activities for privacy reasons.[1]
In a statement, the CNPD explains that the company has already been informed of this temporary suspension, which will last until the investigation is completed and a final decision is made on the matter. The adoption of this urgent provisional measure comes in the wake of “dozens of reports” received by the CNPD in the last month, which report the collection of data from minors without the authorisation of their parents or other legal representatives, as well as deficiencies in the information provided to data subjects, the impossibility of deleting data or revoking consent.[2] In CNPD’s press release, one can read that “[g]iven the current circumstances, in which there is unlawful processing of the biometric data of minors, combined with potential infringements of other GDPR rules, the CNPD considered that the risk to citizens’ fundamental rights is high, justifying an urgent intervention to prevent serious or irreparable harm.”[3]
Continue reading “Iris collection as a proof of personhood: current trends on biometric recognition”