The Worldcoin case
by mercedes galán
When a new reality manifests itself that does not find an adequate fit in the legal system, it is necessary to adapt the rules in order to offer an adequate regulatory response to this new reality. As Rafael del Castillo Ionov, of counsel at Aledra, points out, “the law cannot be expected to directly regulate a technology, but rather its uses. The recently adopted AI Regulation is framed in this perspective, together with the principle of technological neutrality, which prioritises the underlying legal business over the technology used. In many cases, new technologies can be dealt with by pre-existing legal principles, as has been the case with blockchain technology”.
Del Castillo does not let his guard down in this sense, “it is like asking if we feel safer going out on the street because there is a penal code. It is good that there is a regulation, but then it will have to be applied to different cases of use. The GDPR is from 2016 and we are still seeing how it applies to new situations that the cases that arise. Something similar will happen with the Regulation on AI: companies will innovate, create proposals and then we will see where the red lines are drawn”.
The Challenges of Worldcoin
The implementation of projects like Worldcoin, led by Sam Altman, CEO of OpenAI, poses new challenges in biometric data management and privacy. Despite the potential benefits, concerns arise regarding informed consent and data security.
The central proposition of Worldcoin is the implementation of a verification process of users’ humanity through advanced biometric technology, called Proof of Personhood. The main tool to carry out this verification is futuristic devices called Orbs, which scan the iris of users who wish to be verified.
As Rafael del Castillo explains, “the idea behind it assumes that by conducting a test of humanity by scanning a person’s iris, we will have the certainty that everything signed with a specific World ID will be backed by a real and unique person rather than an AI”.
On a global scale, the project is estimated to have achieved over four million app downloads, with more than 400,000 users in Spain. Many countries have halted the scanning of new users due to concerns expressed by local authorities. Here, the AEPD is conducting an investigation following the filing of complaints.
As del Castillo points out, “what worries is that a biometric data is a unique data that cannot be modified. That is, once we have extracted a print from a unique biometric data, we cannot change it. In that sense, in the event that the security of the systems are compromised, there would be a high risk that a biometric data could end up being traced back to a specific person with all their data”.
