Senior Counsel, Privacy & Data Protection Officer (EU/UK)

About the Company:

World is building a real human network designed to accelerate people in the age of AI. As bots and autonomous agents reshape the internet, people, institutions, and applications need a trusted way to confirm who is a real human while preserving privacy. Our products make this possible: the Orb verifies real people, World ID proves it privately, and World App enables and distributes the new applications made possible by this technology. Together, they form a new layer for AI internet.

We’re one of the fastest-growing networks in tech. More than 17 million people across 160 countries have verified with World ID, and we complete over 350,000 verifications each week. World App is already among the most used wallets globally. Developers are integrating World ID to build safer online experiences and create spaces where real people can participate, earn, and be recognized in ways AI simply can’t replicate.

World was founded in 2019 and launched globally in 2023. We are more than 400 people across hardware, software, AI, cryptography, mobile engineering, and global operations. Our teams come from OpenAI, Tesla, SpaceX, Apple, Google, Stripe, Meta, Coinbase, Palantir and MIT Media Lab. We’re backed by leading investors, including a16z, Khosla Ventures, Bain Capital Crypto, Blockchain Capital, Variant, Tiger Global, and Coinbase Ventures, as well as prominent operators and founders across fintech and AI.

World has been featured on the cover of TIME Magazine, highlighted in Fast Company’s Next 5 in Fintech, and explored in a Bloomberg deep dive. The New York Times, Bankless and TechCrunch have all recognized our progress in identity, cryptography, AI, and global-scale hardware deployment. Our leadership is also named to the Time AI 100. Learn more about the newest product launches from our Unwrapped event.

About the Opportunity

Tools for Humanity is seeking an experienced and pragmatic privacy lawyer to join our Privacy team as Senior Counsel, Privacy & Data Protection Officer (EU/UK), based in Munich, Germany. This is a unique opportunity to help shape the privacy, data governance, and regulatory strategy for a high-profile technology project operating at the intersection of emerging technologies, digital identity, AI, and financial innovation.

Working directly with the Chief Privacy Officer and cross-functional leaders across legal, product, engineering, security, policy, and communications, you will play a critical role in designing and operationalizing scalable privacy and data protection frameworks globally. You will also serve as the designated Data Protection Officer (DPO) for applicable EU and UK entities under the GDPR and UK GDPR, acting as a trusted advisor to leadership, regulators, and internal stakeholders.

What You’ll Do

Privacy & Product Counseling

• Drive the development and execution of the company’s strategies to address evolving global privacy, data governance, and AI regulatory requirements.

• Advise on privacy-by-design and data protection-by-design principles across the full range of TFH products, services, and technologies.

• Lead drafting, review, and maintenance of privacy notices, policies, disclosures, consent frameworks, and internal governance documentation.

• Provide practical and strategic legal guidance on GDPR, UK GDPR, ePrivacy, AI regulation, biometrics, digital identity, cross-border transfers, marketing, cookies, and emerging global privacy frameworks.

• Partner closely with product, engineering, security, policy, communications, and business teams to support innovative product development while managing legal and regulatory risk.

• Oversee and support Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), vendor reviews, and records of processing activities (ROPAs).

• Respond to and manage privacy-related regulatory inquiries, investigations, audits, and enforcement matters globally.

• Support incident response, breach assessment, notification obligations, and remediation efforts in coordination with Security and Compliance teams.

• Develop scalable privacy resources, templates, training materials, and operational tools that enable teams across the company to provide consistent and durable guidance.

Data Protection Officer Responsibilities (EU & UK)

• Serve as the designated Data Protection Officer for relevant EU and UK entities.

• Monitor organizational compliance with applicable data protection laws, regulations, policies, and standards.

• Advise the company and internal stakeholders on obligations under GDPR, UK GDPR, CCPA and other global data protection frameworks.

• Act as the primary point of contact for EU and UK supervisory authorities and cooperate with regulators on data protection matters.

• Serve as a contact point for data subjects regarding the exercise of their privacy rights and inquiries relating to personal data processing.

• Independently monitor compliance efforts, including audits, risk assessments, training initiatives, and governance processes.

• Provide guidance on international data transfer mechanisms, including SCCs, transfer impact assessments, and evolving EU/UK transfer requirements.

• Support the ongoing development and maturity of the company’s global privacy governance framework and accountability program.

Knowledge, Skills & Abilities

• Deep expertise in privacy, cybersecurity, AI, and technology regulation.

• Strong working knowledge of GDPR, UK GDPR, ePrivacy requirements, CCPA LGPD, APAC privacy laws, and other major global privacy frameworks.

• Experience supporting privacy compliance programs in multinational organizations.

• Hands-on experience with privacy regulatory investigations, incident response management, breach reporting, and operational privacy governance.

• Demonstrated understanding of data protection officer obligations and regulatory expectations in the EU and UK.

• Ability to balance legal risk with practical business objectives in a fast-moving technology environment.

• Strong strategic thinking and judgment with the ability to prioritize effectively amid ambiguity and evolving priorities.

• Excellent written and verbal communication skills, including the ability to explain complex legal concepts to technical and non-legal audiences.

• Detail-oriented, collaborative, business-minded, and comfortable operating independently in a high-growth environment.

• Enthusiasm for emerging technologies, including AI, blockchain, digital identity systems, and cryptocurrency ecosystems.

• Strong interpersonal skills and a positive, solutions-oriented mindset.

• A sense of humor.

Minimum Qualifications

• Fully qualified lawyer in Germany, another EU jurisdiction, the UK, or the United States (or equivalent foreign qualification).

• Ability to serve as Data Protection Officer under GDPR and UK GDPR requirements.

• 8+ years of legal experience, including experience at a law firm, in-house legal department, and/or government authority.

• Significant experience advising on global privacy laws, regulations, and compliance frameworks, particularly in the technology, internet, social media, AI, or digital products sectors.

• Experience advising on privacy legal risks, mitigations, governance structures, and operational compliance programs.

• Experience handling regulatory investigations and interactions with data protection authorities.

• Experience working cross-functionally on multiple complex projects in fast-paced environments.

• Excellent problem-solving, client counseling, and stakeholder management skills.

• Fluent in German and English, other languages are a plus.

Preferred Qualifications

• Prior experience serving as a Data Protection Officer or deputy DPO.

• In-house experience at a multinational technology company.

• Familiarity with AI governance, biometric data regulation, blockchain technologies, and cryptocurrency-related legal issues.

• Working proficiency in German and/or additional European languages.

• Relevant privacy certifications (e.g., CIPP/E, CIPM, CIPT) are a plus.