Thailand Orders Deletion of 1.2 Million Iris Scans from Worldcoin Project

The event explicitly involves an AI system (iris scanning biometric identification) whose use has led to regulatory action due to violations of personal data protection laws, which protect fundamental rights. The collection and processing of biometric data by the AI system have directly led to concerns about privacy violations and potential misuse of sensitive data, constituting harm under the framework's category of violations of human rights or breach of obligations under applicable law. The suspension and deletion order reflect that harm has materialized or is recognized as having occurred. Thus, this is an AI Incident rather than a hazard or complementary information.

The Orb device is an AI system performing biometric iris scanning to generate digital identity credentials. The PDPC's intervention due to illegal data collection and misuse of biometric data directly relates to the AI system's use and its consequences. The harm here is a violation of data protection laws and potential breaches of individuals' fundamental rights regarding their biometric data. The suspension and data deletion orders indicate that harm has occurred or is ongoing, not just a potential risk. Hence, this is an AI Incident rather than a hazard or complementary information.

The event centers on the use of an AI system (iris-scanning biometric identification) that has directly led to regulatory findings of non-compliance with personal data protection laws and potential harm to individuals through misuse of sensitive biometric data and financial losses related to cryptocurrency tokens. The involvement of AI in biometric data collection and identity verification is explicit. The harms include violations of personal data protection rights and potential financial harm to users, fulfilling the criteria for an AI Incident. The ongoing legal and regulatory responses are part of the incident's context but do not change the classification. The event is not merely a potential risk (hazard) or complementary information; it documents realized harm and regulatory action.

The event explicitly involves an AI system that collects and processes biometric iris scans, which is a clear AI application. The misuse or non-compliant use of this AI system has led to regulatory intervention and legal violations, indicating direct harm to individuals' rights and privacy. The order to delete data and halt operations reflects the materialization of harm rather than a potential risk. The involvement of biometric AI and the resulting breach of data protection laws fit the definition of an AI Incident, as the AI system's use has directly led to violations of human rights and legal obligations.

The World project uses an AI-enabled iris scanning system (Orb device) to collect sensitive biometric data and issue digital tokens. The Thai regulator's order to suspend the service and delete data from 1.2 million people indicates that the AI system's use has led to violations of personal data protection laws and risks to individuals' rights. The involvement of biometric AI and the regulatory action to prevent further harm fits the definition of an AI Incident, as the AI system's use has directly led to a breach of obligations under applicable law intended to protect fundamental rights. The article also mentions potential links to fraud networks, further underscoring the harm and misuse associated with the AI system's deployment.

Worldcoin's iris-scanning technology is an AI system used for biometric identification. The regulatory order to cease operations and delete data follows violations of Thailand's Personal Data Protection Act, indicating harm related to breaches of legal obligations protecting fundamental rights. The involvement of AI in collecting and processing sensitive biometric data that led to regulatory sanctions and operational suspension constitutes an AI Incident. The event describes direct consequences of the AI system's use leading to harm in terms of legal violations and risks to user privacy, fulfilling the criteria for an AI Incident.

The AI system (iris biometric verification) was used to collect sensitive biometric data from 1.2 million people without sufficient consent, violating legal protections and fundamental rights. The involvement of AI in biometric verification and the resulting legal and privacy harms meet the criteria for an AI Incident. The event describes actual harm (legal violations and privacy breaches) caused by the AI system's use, not just potential harm or general news. Hence, it is classified as an AI Incident.

The World Network system uses AI-powered biometric identification (iris scans) to create digital credentials and incentivizes users with tokens. The collection and handling of biometric data without proper consent and in violation of data protection laws directly breaches users' privacy rights, a fundamental human right. The regulatory orders to delete data and cease operations, as well as legal actions including raids and arrests, confirm that harm has occurred. The AI system's use in this context is central to the incident, as the biometric data collection and processing are AI-driven. Hence, this is an AI Incident involving violations of human rights and data protection laws due to the AI system's use and misuse.

The event involves an AI system (World's biometric iris-scanning technology) used for identity verification. The Thai authorities have found that the system's use violated privacy laws, specifically concerning the collection and handling of sensitive biometric data. This violation constitutes a breach of legal obligations protecting fundamental rights, fulfilling the criteria for an AI Incident. The harm is realized in the form of legal non-compliance and potential privacy violations affecting over 1.2 million users. The suspension and deletion order reflect direct consequences of the AI system's use, not merely a potential risk, distinguishing this from an AI Hazard or Complementary Information. Hence, the classification as an AI Incident is appropriate.

The event explicitly involves an AI system (iris-scanning biometric identification) used by World to collect biometric data in exchange for cryptocurrency. The regulatory order to delete the data and suspend activities is due to the system's violation of Thailand's data protection laws, which protect fundamental rights. This constitutes a breach of obligations under applicable law intended to protect fundamental rights, meeting the criteria for an AI Incident. The harm is realized (legal violation and forced data deletion), not just potential. Hence, the classification is AI Incident.

The iris-scanning Orb is an AI system used to collect biometric data for digital identity verification. The event reports that the system was used without sufficient consent, violating Thailand's Personal Data Protection Act, which protects fundamental rights. The collection and use of biometric data without proper consent constitute a breach of legal obligations and human rights. The suspension and deletion order confirm that harm has occurred due to the AI system's use. Hence, this is an AI Incident involving violations of legal and fundamental rights caused by the AI system's deployment and use.

The iris scanning project is an AI system processing biometric data. The regulatory finding that its data collection practices violate Thailand's data protection law and the consequent suspension and data deletion orders demonstrate a breach of legal obligations protecting fundamental rights. This breach constitutes harm under the framework's category of violations of human rights or breach of applicable law. Hence, this event is classified as an AI Incident.

The event explicitly involves an AI system (biometric iris scanning) used for digital identity verification and cryptocurrency issuance. The authorities concluded that the collection and trading of biometric data breached data protection laws, which are designed to protect fundamental rights. The forced deletion and suspension indicate that harm has occurred in terms of legal violations and potential privacy infringement. The AI system's use directly led to this harm, fulfilling the criteria for an AI Incident. Although no physical injury is reported, the violation of data protection laws and rights is a recognized form of harm under the framework.

The World ID system uses AI-enabled biometric verification, which qualifies as an AI system. The misuse or illegal handling of biometric data constitutes a violation of personal data protection laws and infringes on users' privacy rights, a form of harm to fundamental rights. The regulatory order to delete data and halt operations is a response to realized harms and legal breaches. Therefore, this event meets the criteria of an AI Incident because the AI system's use has directly led to violations of legal protections and risks to users' rights and privacy.

The event describes a biometric AI system (World's Orb) used for identity verification that collected and processed sensitive biometric data (iris scans) from over 1.2 million individuals. The Thai authorities' order to delete this data and suspend operations is based on violations of the Personal Data Protection Act, indicating a breach of legal obligations protecting fundamental rights. The AI system's use directly led to this legal violation and potential harm to individuals' privacy rights. The involvement of AI in biometric data processing and identity verification is explicit. Hence, this is an AI Incident as the AI system's use has directly led to a breach of applicable law protecting fundamental rights.

Worldcoin's biometric identity verification system uses AI to process iris scans, which qualifies as an AI system. The regulatory order to delete biometric data and halt operations is a direct consequence of the AI system's use violating data protection laws, constituting a breach of legal obligations protecting fundamental rights. This meets the criteria for an AI Incident because the AI system's use has directly led to a violation of rights and legal non-compliance, causing operational and financial harm. Therefore, the event is classified as an AI Incident.

The project uses AI-based biometric systems to collect and process iris scans for identity verification and digital token rewards. The regulator found that consent was not properly obtained, making the data collection unlawful and violating privacy rights. The direct regulatory action to delete data and halt operations indicates realized harm related to rights violations. The involvement of AI in biometric data processing and the resulting breach of data protection laws and consent requirements meet the criteria for an AI Incident under violations of human rights or breach of applicable law protecting fundamental rights.

Worldcoin's system uses AI-enabled biometric iris scanning to verify identities, which is explicitly mentioned. The Thai authorities' order to destroy the biometric data stems from violations of personal data protection laws, indicating a breach of legal obligations protecting fundamental rights. The harm here is the violation of privacy and data protection rights, which falls under human rights violations as defined. The event describes actual regulatory action taken due to these violations, indicating realized harm rather than potential harm. Hence, this is an AI Incident rather than a hazard or complementary information.