The German regulator, the Bavarian State Data Protection Supervisory Office, has ordered Worldcoin's human verification project to delete biometric data collected through eye scans. Worldcoin says it has changed its processes, and the German regulator's findings largely relate to outdated operations and technologies that were replaced in 2024. The Bavarian State Data Protection Regulatory Office concluded its investigation, which began in April 2023, saying in a statement on Wednesday: Worldcoin is obliged to provide GDPR-compliant deletion procedures within one month of the decision taking effect, and to delete certain previously collected data records without sufficient legal basis. Sam Altman, CEO of OpenAI, said steps have been taken over the past few months to allay regulators' concerns, including the move to a system where Worldcoin no longer stores biometric data. To comply with GDPR requirements, the iris code used to verify an individual's World ID will no longer be stored, and previously collected iris codes will be voluntarily deleted, ensuring that no personal data used to operate World ID is retained.