The more information, the more difficult it is to understand. And the more people pass through those points (Orbs) that scan the iris of the eye in exchange for being paid in cryptocurrencies, the more misgivings about the intentions and final destination of those unique biometric data (they do not vary in a lifetime) collected by the company Wordlcoin.

Experts on the subject agree on one thing: “There is a lack of transparency here and this is a project that is currently navigating in legal limbo.” In addition to alerting about the possibility of obtaining data about the person’s health with this iris scan.

But on the ground (yesterday the lines at the points in Barcelona were even longer than on Monday and Tuesday) everything seems, if no authority says otherwise, legal.

Worldcoin – behind the initiative is Robert Altman (OpenIA and ChatGPT) – maintains that what it does complies with the regulations of the countries in which it has landed (there are already 120) and encourages data protection organizations to ask them for all the information they need.

It ensures that “the name, email or telephone number are not necessary to download World App”, an obligatory step to collect the cryptocurrency, and that “the information used to verify human uniqueness is permanently deleted by default, so the only information that is maintained is a message containing an iris code, a unique set of numbers generated by the Orb, which is not linked to any wallet or account.”

It is also emphasized that “the iris code is designed to demonstrate uniqueness, not to obtain information about a person or their identity.”

The Spanish Data Protection Agency (AEPD) is already investigating four complaints. And Worldcoin’s explanations raise, for many, more doubts than certainties.

This is how Eduard Blasi, professor of Law at the Universitat Oberta de Catalunya (UOC), expert in data protection and disseminator at TechAndLaw, understands it. Blasi does not hide his misgivings, especially “in regards to transparency.” He believes that there is a lack of information and that the information offered is not clear about the intentions of this project, which is spending millions on the creation of this iris bank.

Worldcoin explains it like this: “The project helps empower humans in these times and aims to provide a global financial and identity network, owned by the majority of humanity.”

But one of the gaps in this legal limbo – which would be investigating data protection – is whether the consent given to “sell” that biometric data when downloading the World App application “is sufficient to leave a private company in the hands of a private company.” information as private and unique as the iris scan.” If this consent is considered “not informed” it would be “null”. Worldcoin ensures that “it is reported correctly.”

The fact that this transfer of iris data is rewarded or paid with cryptocurrency would pose fewer problems. “Incentivized consent (whether with a payment or offering something else) is a valid modality and complies with data protection regulations,” says Blasi.

“Doubt,” he emphasizes, “occurs deeper; That is, if the way in which that consent is given has a sufficient legal basis as it involves biometric data.” And this applies to both adults and minors, who in the case of Spain “can provide these biometric data from the age of 14,” according to Data Protection.

Leandro Núñez, Audens lawyer and expert in law related to new technologies, wonders, regarding minors, “if they can access a service in which you accept a contract to exchange your data for cryptocurrencies, when a minor does not have the capacity to contract for themselves, beyond those goods and services of ordinary life appropriate to their age.”

There could be another key to that legal limbo. The company ensures that only “clients” over 18 years of age are accepted and that their ID is required. People who have gone through those points do not say this.

Núñez believes he knows what this project seeks: “To serve as a provider of identity verification services on the Internet, offering companies and governments this functionality.”

But warn: “The risk derived from the use of this technology arises from the storage of biometric data of millions of people that cannot be modified. And if they are exposed, as a result of an attack or carelessness, users may be left defenseless against future identity theft.” That does not seem to worry the legion that is selling their irises, most of them very young and some minors.