The Legal Aspect of Biometric Systems

The Legal Status of Using Biometric Data

Biometric SystemsIn recent years, the use of biometric data – templates and images – has been the subject of discussion by scores of legal professionals and laypeople. According to the European Union directive, ‘raw’ forms of biometric data are considered personal data. Personal data includes any unique information that is attributed to an identifiable person with an ID number, economic, mental, physiological or social identity, etcetera. All forms of raw data are covered by the Data Protection Directive. Privacy concerns, safety regulations and the type of data that is collected and stored are all considered within legal decisions about using biometric data.

There has been much discussion about biometric data being deemed sensitive and personal. According to the Data Protection Directive (Article 8), the processing of data that reveals personal characteristics such as philosophical beliefs, ethnicity, race or religion should ideally require the consent of the data subjects in question. As far as privacy concerns go, the measures required for obtaining biometric data are often regarded as disproportionate to the tasks it is needed for. It is important to narrow the focus of biometric technology, with oversight as to what data will be stored and how it will be stored. Other questions include who will have access to the biometric data, and how it will be controlled. In practical terms, biometric technologies can be used for national security improvement and so forth.

Biometric Technology and the Privacy of Health Data

The details contained in biometric data include information used for identification and information not used for identification. The former type of data includes Randotypic, Genotypic, and Behavioral details. Information that is not used to identify an individual may include data about an acute disease. Generally speaking, biometric information does not disclose health information. As it stands, the current biometric technology does not allow for disclosure of health data, and the technological jump required for biometric systems to reveal health and disease information is a big one.

The Sensitivity of Biometric Data

A survey conducted in 2006 revealed that 63% of respondents in the United Kingdom considered biometric data to be sensitive data. The perception of its sensitivity varies according to category, with contact details, biometric and genetic data regarded as highly sensitive by over 33% of those polled. A full 20% of respondents perceive data about political ideology, religious affiliation, ethnicity and race as extremely sensitive. There is also a question as to the anonymity that is possible with biometric data. While it is difficult to completely anonymize data, this can be done when biometric data is stored offline for verification purposes.
As long as there are no clear-cut and rigorously proven answers about what biometric technology is capable, this is one debate that looks set to continue.