TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, July 22, 2016 Related reading: Global News Roundup: April 12–19, 2021


Greetings from Biarritz, France!

The field of biometrics is becoming increasingly debated in the privacy space. Leaps and bounds have been achieved in the development of biometrics technology in recent years. One need look no further than to the smartphone, with its high-resolution cameras and ability to read fingerprints.

Biometrics, in short, deliver more secure, easy-to-use solutions than the standard password, where some uniquely identifying feature — such as eyes, face, fingerprints or voice — is converted by software into a unique code which in turn identifies the individual to a given device or network. Sounds neat. The days of selecting and remembering numerous passwords to access multiple aspects of our online lives could well become a thing of the past. Certainly, for personal banking and related financial transactions, the fingerprint key is welcome; I myself make use of this and find it convenient. 

One can expect to see more layered security with biometrics use as the industry becomes more mainstream. Recent research carried out by AMR suggests that the global facial recognition market alone is going to reach a value of $9.6 billion by 2022.

One only has to look at the rate of adoption of biometric identification — facial recognition — technology in airports to experience a visible example of this global trend. At certain airports, the use of facial cameras goes as far as connecting the image to the passenger name record confirming individual passenger identity and linking the identity to luggage items.

The overriding fundamental with biometric identifiers is that they are unique to each and every one of us. They are permanent features barring cosmetic surgery of some description. By default, one could argue these data sets are incredibly sensitive and highly personal information. We need to ask what would be the consequences if that data is compromised; a data breach of any magnitude involving biometric identifiers could potentially be disastrous for the individual victims concerned. You can replace your credit card but not your fingerprints or your iris.

The companies spearheading the advance of biometric technology will continue to assure us that only the authentication and unique codes are retained, without actually storing biometric data. That said, as data breaches become more commonplace, the risk needs to be reflected in regulation, design and deployment of these new age solutions.

An additional risk with biometric data, as with other more obvious data sets, is that without regulation this data could be used for location-based advertising. Think of facial recognition combined with additional biometric systems that would recognize individuals on the street, or entering shops on the high street; advertising heaven in real time.

Think of it this way: If you know that an organization is quantifying, profiling and commercializing your age, race, gender, clothing, as well as your facial expression and everyday mannerisms, should you be concerned? I suppose the key question is whether society should be concerned at the potential state of constant monitoring. Without knowing who is doing the monitoring, we simply can’t know how to act accordingly with our personal freedom.

All in all, as internet companies and government agencies seek to deploy increasingly sophisticated biometric software to track, surveil or identify individuals, biometric tech presents huge challenges for security as well as data protection teams. Those teams will need to demonstrate their robust protection procedures to stakeholders with serious concerns about how personal data will be looked after, what it will be used for, or how it could be processed or shared, abused or otherwise inappropriately accessed. The key to building acceptance and trust for biometrics will be to ensure complete compliance and reassurance of users that the data they have collected will be properly protected and managed. As the technology emerges from relative obscurity we will see how well it is received and accepted in the open.


If you want to comment on this post, you need to login.