In October 2024, several people lined up at a shopping plaza in Iztapalapa. The offer seemed irresistible: 1,000 pesos in exchange for a photograph of their face and an iris scan in front of a metallic sphere called Orb. The procedure was part of the Worldcoin project (renamed World), which seeks to create a global digital passport in exchange for people’s biometric data.
According to an investigation by Animal Político, the promise of monthly payments in cryptocurrency diluted over time: first 800 pesos, then barely 50. Worst of all, those who agreed to hand over their information were never given any clarity about the use, protection, or destination of their data.
Vulnerability and “flawed” consent
Animal Político showed the case of Rebeca and Samantha, two women from Iztapalapa who handed over their irises in exchange for cryptocurrency, a situation that occurs in thousands of families. The Amaranta Organization in Chile documented that the majority of users are people in situations of economic vulnerability who agreed without understanding the risks.
“This generates flawed consent,” said Cecilia Ananías, founder of the NGO, quoted by the media. There were even cases of minors participating in the process, something expressly prohibited by law.
The Federal Law on the Protection of Personal Data considered iris and fingerprints to be “highly sensitive” information. Enforcement fell to the INAI (National Institute of Information and Communications), but after its disappearance in 2025, Mexico was left without an autonomous body with the power to sanction.
“Today, there is no body that can sanction bad practices or guarantee effective protection,” warned Santiago Narváez, a lawyer at R3D, in an interview with Animal Político.
According to Idc Online, in 2022 alone, the INAI collected more than 60 million pesos in fines for violations of the data protection law. The institute’s absence opens the door for companies like World to operate with even less oversight.
Worldcoin was founded in 2019 with the idea of offering a unique digital ID through cryptocurrency. However, the lack of transparency regarding data handling raised alarms in various countries.
According to UNAM, the company never clearly explained why it requires biometric data. “Biometric data cannot be changed like a password. If compromised, the risk ranges from financial fraud to money laundering,” said Carlos Tlahuel, a security specialist at the DGTIC (General Directorate of Information and Communications).
In Mexico, the company claims to use SMPC technology to fragment and protect information. However, in 2023, TechCrunch revealed that hackers stole credentials from Worldcoin operators, exposing external vulnerabilities.
In April 2024, Representative María Eugenia Hernández asked the INAI (National Institute of Information and Communications) to evaluate the project’s impact. The institute opened an ex officio investigation. “We have initiated an ex officio investigation to analyze the possible data breach at the Worldcoin company,” the agency itself published in X, according to El Economista. However, the results were never made public, and after the disappearance of the INAI, the investigations were forgotten.
700,000 Mexicans have already submitted their irises, and the risk is just beginning.
According to Animal Político, in Mexico there are already more than 700,000 people verified with iris scans and 1.3 million active accounts on the World App. Without a solid legal framework and financial incentives, experts agree that consent cannot be considered valid.
For Paul Aguilar of SocialTIC, “you can’t change your iris like a password.” The risk is that a biometric database has been compromised, and it could lead to identity theft, fraud, and mass surveillance.
Today, World assures that it complies with “all the legal frameworks where it operates.” However, digital rights experts warn that the combination of biometrics, cryptocurrencies, and artificial intelligence opens the door to a model of exploitation based on personal data.
According to UNAM, the lack of transparency and clear regulation have placed Mexico in a particularly vulnerable situation. Meanwhile, more than 700,000 Mexicans have already sold their biometric data to a company that operates in a legal vacuum. And there is no authority that can guarantee them real protection.
Source: xataka
