Spain’s Data Protection Agency (AEPD) has imposed a three-month ban on Worldcoin’s collection and use of personal data, responding to multiple complaints about privacy violations, the Financial Times reported.

The AEPD’s directive targets Worldcoin’s practices of collecting biometric data, including from minors, and the company’s failure to provide adequate information or allow consent withdrawal.

Worldcoin has enrolled over 4 million individuals in iris scanning.

The AEPD has given Worldcoin 72 hours to comply with the directive, which also prohibits the use of previously collected data.

Worldcoin has faced international regulatory scrutiny over the past year, with incidents such as warehouse raids in Kenya and questions raised by German and French regulators about the legality of biometric data collection.

Despite these challenges, Worldcoin has seen a significant increase in its cryptocurrency value, rising over 220% in the past month, partly fueled by the broader market rally and the success of its sister company OpenAI’s AI-powered video generation service, Sora.

In response to the AEPD’s actions, Worldcoin spokesperson Jannick Preiwisch told crypto media outlet Blockworks that the company has been engaged with the Bavarian data protection authority (BayLDA) and that the AEPD’s claims are inaccurate and misleading. Preiwisch emphasized Worldcoin’s willingness to cooperate with regulators and address any concerns.

The AEPD’s decision is limited to Spain and does not reflect the broader EU stance.