South Korea’s Personal Information Protection Commission (PIPC) stated at its general assembly meeting on September 25, 2024 that Worldcoin Foundation and TFH violated the Personal Information Protection Act (PIPA) in the country.

According to the commission’s investigations, these companies collected biometric data, such as iris scans, from individuals in South Korea. This data collection was carried out without a clear legal basis specified in the law.

PIPC announced that it initiated this investigation in response to complaints from citizens in February and encountered personal data breaches of Worldcoin and TFH in the process.

According to PIPC’s findings, approximately 100,000 South Koreans downloaded Worldcoin’s app, while close to 30,000 of them authenticated using iris verification.

However, the Commission found that Worldcoin and TFH did not provide legally required information to users when collecting this biometric data, such as the purpose of data collection and the retention period. Additionally, it was revealed that users were not informed that this data would be transferred abroad.

According to the PIPA law, companies that collect personal data must inform users of which countries this information is transferred and the contact information of the institutions with which this information is shared. PIPC stated that Worldcoin and TFH did not comply with these requirements and did not provide the necessary transparency regarding the transfer of users’ data abroad.

In addition, PIPC emphasized that Worldcoin has an inadequate procedure for deleting the data it collects. According to South Korean law, personal data owners should have the right to request the deletion of their data and a clear process should be established to process these requests. However, this process seems to have been left incomplete by Worldcoin.

Additionally, PIPC stated that Worldcoin’s age verification procedures are not sufficient. South Korean laws contain strict regulations that prevent children under the age of 14 from participating in biometric data processing. However, Worldcoin and TFH were criticized for not fully establishing the necessary mechanism to verify users’ ages.

As a result of these violations, PIPC fined the companies a total of 1.1 billion Korean won (approximately $829,000). Additionally, PIPC also issued improvement suggestions and corrective orders to companies. Companies are expected to improve their data collection processes in line with these orders and bring future data processing into compliance with the law.

Despite all these developments, Worldcoin’s native token WLD has exhibited a significant rise in recent weeks. WLD token, which was $1.60 on September 19, gained 35% in value and reached $2.16 as of September 26. This increase reflects continued user interest despite regulatory scrutiny of the project.

These legal challenges faced by Worldcoin and TFH reveal that the company needs to take more careful steps regarding data privacy and security at a global level. It is of great importance for such projects to strengthen their legal compliance, especially since biometric data collection is subject to strict regulations in many countries.