World Pauses German Orb Operations Over Data Privacy and Regulatory Issues

Published Date : 7/11/2025 

World has temporarily suspended its iris scanning operations in Germany following regulatory concerns over data privacy and compliance with GDPR. The company is now navigating legal challenges from German authorities and similar scrutiny in the Philippines. Despite the pause, World remains committed to updating its systems to meet stringent data protection standards. This development highlights the growing tension between biometric technology and global privacy regulations. 

World has temporarily halted its iris scanning operations in Germany, citing the need to address regulatory concerns and update its Orb technology. The decision comes amid a contentious clash with German data protection authorities, who have raised alarms over the company’s handling of biometric data. The pause affects the company’s flagship services in the region, including its World ID Orb, which uses advanced biometric scans to verify user identities. While World has not announced a timeline for resuming operations, the move underscores the challenges of balancing innovation with compliance in the digital age. n n nThe company’s decision to suspend operations in Germany follows a critical report from the Bavarian State Office for Data Protection Supervision (BayLDA). In December 2024, the agency concluded that World’s practices posed significant data protection risks, particularly due to the storage of plain-text iris codes in a database between July 2023 and May 2024. This violation of the European Union’s General Data Protection Regulation (GDPR) has put the company on a collision course with regulators, who argue that such practices compromise user privacy and security. Despite World’s claims that it has since implemented a secure multiparty computation (SMPC) system to encrypt biometric data, the dispute remains unresolved. n n nWorld’s SMPC system, which distributes and encrypts iris biometric data across multiple servers, including those at UC Berkeley and the University of Erlangen-Nuremberg, has been praised by some regulators as a potential solution. However, critics argue that the system’s complexity and reliance on external institutions raise new questions about accountability. Michael Will, president of BayLDA, acknowledged the SMPC’s potential but emphasized the need for rigorous evaluation. 

Frequently Asked Questions (FAQS): 

Q: Why did World pause its operations in Germany?

A: World paused its German operations due to regulatory concerns over GDPR compliance, specifically related to the storage of iris biometric data and potential data protection risks.

Q: What is the SMPC system, and how does it address the issues?

A: The Secure Multiparty Computation (SMPC) system encrypts and distributes biometric data across multiple servers, ensuring no single entity can reconstruct the full dataset. This method aims to enhance privacy but remains under scrutiny for accountability.

Q: What is the current status of the legal battle in Germany?

A: World has appealed the BayLDA’s enforcement order, but the court process is ongoing. While the company is not required to halt operations during the appeal, the outcome could set a precedent for biometric regulations.

Q: How is the Philippines regulating biometric data?

A: The National Privacy Commission (NPC) in the Philippines is investigating World’s compliance with local privacy laws, focusing on consent mechanisms and data retention. The regulator is also developing guidelines for biometric data processing.

Q: What steps is World taking to regain trust?

A: World is updating its EU terms of service, enhancing data privacy policies, and improving communication about its security protocols. The company also plans to re-launch its services in Germany after addressing regulatory concerns. 

More Related Topics :