A World View: GDPR and anonymization in Europe

World ID is anonymous by design. 

World Foundation thanks the Bavarian data protection authority (BayLDA) for their thorough examination of the project. In its official press release, BayLDA notes how World “improved its data protection concepts several times” over the course of the inquiry, emphasizing in particular “the strengthening of data subjects' rights.” 

These improvements refer to, among other things, the implementation of World’s Personal Data Custody system, which ensures all personal data used to create a World ID is  only stored on person’s device and is not retained by World or any third party, as well as a groundbreaking anonymized multi-party computation (AMPC) system, described below. 

Because these improvements only became possible within the past 12 months thanks to technological innovations, the results of BayLDA’s inquiry largely pertain to outdated operations and technologies that have been replaced in 2024.

What the BayLDA’s decision clearly illustrates, however, is the urgent need to establish a clear and consistent definition of anonymization in the EU that will help protect personal data in the age of AI. GDPR currently does not provide this, and both World Foundation and World contributor Tools for Humanity (TFH) believe it is essential for this issue to be addressed quickly in order to ensure that laws and regulations protect the privacy of EU citizens while making available technology including AI that is trained on EU data to respect EU culture and norms.

In addition to Personal Data Custody, and in effort to go above and beyond the requirements of GDPR, iris codes used to verify a person’s World ID are no longer stored, and the previously collected iris codes were voluntarily deleted to ensure no personal data is retained to operate World ID. 

This was made possible thanks to a next-generation, Anonymized Multi-Party Computation (AMPC) setup that is now being used to further improve upon the original SMPC setup first announced in May 2024. The application of this groundbreaking technology ensures that iris codes are neither retained nor stored. Neither World nor any third party know who the individual owner of a World ID is. Instead, anonymized data in the form of cryptographically encrypted secret shares are used to enable the anonymous operation of World ID. This data is stored with trusted third parties.

Existing European law does not give a clear standard for what constitutes anonymization, and neither the European Court of Justice nor the EU data protection authorities have agreed-upon guidance. This makes it extremely difficult to build privacy-preserving systems and safely harness data for good in the EU. More importantly, it puts citizens at risk. 

“Data anonymization, not just data deletion, is essential for enabling people to verify themselves as human online while remaining completely private. Without a clear definition around anonymization, however, we lose perhaps our most powerful tool in the fight to protect privacy in the age of AI,” said Damien Kieran, Chief Legal and Privacy Officer at TFH. 

“The breakthrough multi-party computation setup implemented by World Foundation makes it effectively impossible to link anonymized data back to an individual. We believe strongly that this kind of effective anonymization should be the standard. If what’s required, however, is true technical anonymization, or absolute certainty that anonymized data cannot be linked back to a person even in purely theoretical situations, that would render anonymization impossible and instead incentivize companies to continue storing personal data in an identifiable form.”

The critical nature of this issue is why World Foundation is appealing the BayLDA’s decision. Specifically, the appeal is designed to seek judicial clarity on whether the processes and, in particular, the Privacy Enhancing Technologies (PETs) deployed by World Network meet the legal definition for anonymization in the EU. 

World Foundation and TFH will continue to work closely with regulators in the EU and elsewhere to ensure this important question is answered in a way that supports protecting privacy and innovation. 

As it does so, World will continue to operate and expand the provision of its services in the EU and around the world with plans to expand to more European markets in 2025 to enable everyone who wishes the ability to privately, anonymously verify their humanness online.