Personal Information Protection Commission imposes fine on ‘Tools for Humanity’ developer World CoinMore than $830,000 for violating local privacy laws. The decision was made after a thorough investigation into how the company handled personal data. The hefty fine highlights South Korea’s strict data protection regulations and raises questions about how global companies manage user privacy. Let’s take a closer look at what led to these penalties and what they mean for Worldcoin and data privacy standards around the world.
Korea fines WorldCoin for violating personal information protection law
South Korea’s privacy watchdog imposed a fine of 1.1 billion won (about $829,000) on World Coin Foundation and its affiliate Tools for Humanity (TFH) for violating the Personal Information Protection Act.
The Personal Information Protection Commission (PIPC) announced a fine at a general meeting on September 25, saying that the company violated the Personal Information Protection Act (PIPA).
In addition to financial penalties, regulators also issued corrective actions and recommendations to the Worldcoin Foundation for improvement.
The PIPC launched an investigation in February after reports emerged that the company may have collected biometric data in exchange for cryptocurrency.
Regulator finds WorldCoin in breach of data protection laws for collecting biometric data
Following an investigation, South Korea’s privacy regulator found that WorldCoin Foundation and Tools for Humanity (TFH) collected biometric data, including iris scans, from South Koreans without a lawful basis for processing.
According to the Personal Information Protection Commission (PIPC), about 100,000 Koreans have downloaded the World Coin app, and about 30,000 users are using iris authentication. However, it was confirmed that the company violated the Personal Information Protection Act (PIPA) by failing to fulfill its legal obligations.
PIPC pointed out that WorldCoin failed to clearly communicate the purpose of collection or data storage period when collecting users’ biometric information. Additionally, the company did not inform users that their data would be transferred overseas.
Korean law requires companies to disclose where personal data is transferred and the names and contact information of those who receive it. PIPC also criticized WorldCoin for failing to establish an appropriate process for requesting and managing the deletion of sensitive information.
Moreover, regulators found that TFH lacked an appropriate age verification system that would have prevented children under 14 from signing up to the app.