Colombia’s Superintendence of Industry and Commerce (SIC) has recently taken action against Worldcoin Foundation and Tools for Humanity for allegedly violating the country’s personal data protection regulations. The formal proceedings were initiated on August 16, following an announcement made by the SIC on August 21. This move comes as part of the SIC’s mandate to safeguard personal data in the country and ensure that organizations comply with the regulations governing the collection and processing of sensitive personal information.
The investigation launched by the SIC will primarily focus on whether Worldcoin Foundation and Tools for Humanity obtained explicit and informed consent from individuals for the collection of their data. Moreover, the regulatory body will look into whether the companies implemented adequate policies for the treatment and security of data, as well as provided sufficient mechanisms for addressing complaints and consultations from data subjects. If found guilty, the SIC has the authority to impose severe penalties, including fines of up to 2,000 times the monthly minimum wage, suspension of activities for up to six months, or even the temporary or permanent cessation of operations.
The ongoing investigation underscores the growing scrutiny faced by tech companies over their data practices, particularly as they expand their operations globally. Worldcoin, in particular, has faced similar regulatory challenges in other jurisdictions due to its ambitious plans to create a global digital identity system using biometric data. The project, co-founded by Sam Altman, has encountered regulatory hurdles in various countries, casting doubts on the adequacy of its data protection measures.
In Kenya, concerns over data protection laws led to the suspension of Worldcoin’s operations in August 2023. While the authorities later concluded their probe without alleging any wrongdoing, the incident raised red flags about the project’s compliance with regulatory standards. Similarly, European authorities have been investigating Worldcoin’s data practices under the General Data Protection Regulation (GDPR). Germany’s Bavarian State Office and France’s CNIL are looking into consent and data processing standards, as well as alignment with national privacy laws, respectively.
The impact of the allegations is not limited to specific regions, as countries like Spain, Hong Kong, Portugal, and Argentina have also taken action against Worldcoin. Spain extended the ban on Worldcoin’s operations until the end of the year, while Hong Kong prohibited its data collection over privacy concerns. Portugal previously suspended Worldcoin’s operations for a three-month period, and Argentina has charged the project with violating consumer laws and is seeking substantial fines. These actions demonstrate the broader implications of data protection violations in an increasingly interconnected global economy.
The formal proceedings initiated by Colombia’s Superintendence of Industry and Commerce against Worldcoin Foundation and Tools for Humanity signal a broader trend of increased scrutiny on tech companies’ data practices. As the investigation unfolds, it remains crucial for organizations to prioritize data protection and compliance with regulatory standards to protect individuals’ fundamental rights and safeguard personal information in an ever-evolving digital landscape.