Earlier this week the U.K.’s Information Commission Office (ICO) was asked about Worldcoin launching in the U.K. and said publicly it would be “making enquiries”, before issuing some boilerplate warning that: “Organisations must conduct a Data Protection Impact Assessment (DPIA) before starting any processing that is likely to result in high risk, such as processing special category biometric data. Where they identify high risks that they cannot mitigate, they must consult the ICO.”

Fast forward a few days and France’s data protection authority, the CNIL, has followed the ICO’s remarks with even more specific expressions of concern, as first reported by Reuters — out-and-out questioning the legality of what Worldcoin is doing. The French authority also revealed it’s already been actively investigating Worldcoin.

“The legality of [Worldcoin’s data] collection seems questionable, as do the conditions for storing biometric data,” a CNIL spokesperson confirmed by email, adding: “Worldcoin collected data in France, and the CNIL initiated investigations.”

Read full article on Techcrunch