// HIGHLIGHT //
There’s a new device in town,
and it’s coming for your iris
Nowadays, people are happily sharing biometric data through their trendy smartwatches. The allure of profiting from cryptocurrency is as tantalising as Bitcoin’s early days. And Sam Altman has garnered a considerable following of techno-enthusiasts since the launch of ChatGPT.
So the timing couldn’t be better for Sam Altman to relaunch his Worldcoin project, a cryptocurrency-cum-identity network that functions by verifying that someone is both a human being and a unique person. The verification is carried out by a custom-built spherical device called an Orb. (Read about Worldcoin’s history.)
Are you unique? The uniqueness requirement is why verification is based on an iris scan: Since the structure of our irises is both individually identifiable and stays more or less the same over time, iris biometrics are much more accurate and reliable.
Privacy safeguards: WorldCoin also provides some privacy features. Iris scans are processed locally on each Orb, and turned into a set of numbers. The original scan is then deleted (unless the user prefers to have it stored on Worldcoin’s servers ‘to reduce the number of times you may need to go back to an Orb’).
Regulators stepping in: Despite the safeguards, European regulators have been quick to react. France’s privacy watchdog said it had reservations about the legality of the biometric data collection, and how it’s being stored. The UK said it was reviewing the project.
Germany is way ahead: Its data protection regulator in Bavaria – the lead EU authority investigating Worldcoin due to the company’s German subsidiary in the region – has been investigating the project’s biometric data processing since November last year.
Why the iris scanning project is more than a headache
As the investigations unfold, there are several challenges that are raising alarm bells about the iris project.
1. The massive database. Regardless of all the noble purposes (mostly) behind the Worldcoin project, the fact is that a massive biometric database is being built. And we all know the risks that come with that – from breaches to data misuse.
2. The Orb operators. Let’s say your iris pattern is deleted immediately. There are still plenty of risks associated with how that data is collected. The company emphasises that the orb operators – the people entrusted with the shiny spheres – are independent contractors over whom ‘we have no control over and disclaim all liability for what they say or how they conduct themselves’.
3. The money pitch. Worldcoin is providing people with an incentive to have their irises scanned: the prospect of making money. ‘Eligible verified users’, that is, anyone who’s had their iris scanned, ‘can claim one free WLD token per week with no maximum.’ On the one hand, a company is finally paying users for their data, but on the other hand, that data is sensitive biometric information. Are users on an equal footing with the company in this exchange? Should the sale of sensitive biometric information be permitted? It’s a transaction that warrants closer scrutiny.
Beyond the boundaries of what is acceptable or prohibited, projects that involve large-scale collection of biometric data are undoubtedly contributing to society’s changing attitudes towards privacy. It’s probably time to reassess the essence of what users are actually trading, and more than that, whether users have the power to defend their rights and position in this negotiation.
// ANTITRUST //
EU confirms antitrust investigation against Microsoft for bundling Teams with Office
It didn’t take long for the European Commission to confirm our hunch from last week. Just days after Alfaview’s anti-competition complaint against Microsoft, the commission launched formal proceedings against Microsoft for bundling the communication software Teams with its Office 365.
A long time coming. At the height of the COVID-19 pandemic in 2020, Zoom soared to success while Teams emerged as a formidable competitor. It was during this time that Microsoft decided to bundle Teams with Office. The move faced backlash from Slack, a rival company (that was subsequently acquired by Salesforce in 2021), which complained to the commission that Microsoft’s bundling constituted an abuse of its dominant position.
Why is this case relevant? This makes it the first investigation by the European Commission against Microsoft since the Internet Explorer bundling case concluded in 2009 (Microsoft was fined a few years later for breaching its commitments). This case also highlights the limited effectiveness of antitrust laws and enforcement in deterring dominant companies. Even if Microsoft were to lose the case, Teams would remain firmly established as one of the leading meeting software apps, making any findings of anti-competitive behaviour ineffective in displacing it.
Case number: AT.40721
French competition authority to investigate Apple’s app tracking policy
The French competition authority has launched an investigation into Apple’s practices for allegedly abusing its dominant market position. Advertisers have complained that while Apple imposes its App Tracking Transparency (ATT) policy upon them, it exempts itself from the same regulations, resulting in self-preferential treatment.
The issues with Apple’s tracking policy. Apple’s ATT policy, first announced in 2020, triggers a privacy pop-up to iPhone and iPad users during the installation of third-party apps attempting to track them. That’s very much welcomed by privacy advocates. However, app developers say that this policy does not extend to Apple’s own apps, creating hesitation among users to allow third-party tracking, leading them to favour Apple’s apps. This also means that Apple has access to more complex device and advertising data than third-party developers, allowing it to more accurately target its ads to users in ways that third-party developers cannot.
Apple says its apps do not track users via third-party apps, and hence, do not require the ATT prompt. But competition authorities aren’t so sure anymore that this isn’t an abusive self-preferencing practice.
Why is this case relevant? First, this case has been gaining momentum since 2020. At that time, the French Competition Authority was approached by advertising associations with a complaint against the ATT policy and a request for interim measures against Apple. A year later, the French authority concluded that there was nothing wrong with providing users additional possibilities for deciding whether they wished to be tracked, and after all, at that time, the French authority did not have any proof that Apple was subjecting third-party app developers to stricter measures than those it imposed on itself for comparable purposes. And this is precisely what the French authority will now be looking at. Second, because multiple jurisdictions are looking into the same issue, including the UK, Italy, Germany, and California.
