Biometric Data
and Privacy
Biometric data is a powerful tool
for identification which enables
much of our modern contactless
technology. This technology is
underpinning the careful balancing
act that is sustainably managing
the ongoing health risks posed
by COVID-19, and the reopening
of economies. However, the
question is how to manage this
increased use of biometric data with
compliance to privacy laws when
contracting third party providers,
particularly cloud data providers.

Inspire December 2020
What is biometric data?
10 The most obvious thing that
springs to mind when someone
mentions biometric data is facial
recognition, finger print scanners,
or even retina scanners (if you are
a Mission Impossible fan from back
in the days before Tom Cruise was
known for jumping on couches).

According to the Biometrics
Institute, biometric recognition
is the “automated recognition of
individuals based on their biological
and behavioral characteristics”
and a biometric characteristic
or “biometric” is the “biological
and behavioral characteristic of an
individual from which distinguishing,
repeatable biometric features
can be extracted for the purpose
of biometric recognition” 1
In short, biometric data is you
and your intrinsic properties. It is
inherently identifiable and unable to
be anonymised, making it possible
for artificial intelligence (AI) to
recognise you from things that
Biometric data
is sensitive
information. It’s sensitive, in
part, because it
is our inherently
identifiable information, and
because it largely
requires us to
present ourselves.

you never even knew were unique.

In addition to facial recognition
and finger prints, it includes:
> the way you walk;
> the way you type;
> the shape of your ear;
> vein recognition;
> your DNA; and
> the way that you smell.

It is worth keeping in mind that it is
not possible to safely and securely
de-identify biometric data. With
the available computing power, AI
and complex algorithms, merely
stripping personal information
from the data will not be sufficient
to de-identify any biometric data.

Often, the use of big data for
data analytics is on the basis that
the data has been de-identified.

Organisations should not rely on
this method for biometric data.

Why is biometric data
important to protect?
Biometric data is sensitive
information. It’s sensitive, in
part, because it is our inherently
identifiable information, and
because it largely requires us to
present ourselves. It is important
to understand within contractual
relationships who is responsible for
what elements of the collection, use,
storage, disclosure and destruction
of biometric data in compliance with
the applicable and relevant privacy
standards and laws. Finding out the
allocation of responsibility after the
data has been hacked, is not the
recommended course of action!
Biometrics Institute “What is Biometrics?” https://www.biometricsinstitute.org/what-is-biometrics/
1
As the Covid-19 pandemic has swept across the world,
organisations have increasingly looked to
new, contactless technology utilising Biometric
data. This has raised questions of privacy.