White papers

Biometrics and Personal Data

This White Paper addresses the recent surge in using face recognition and biometrics in general for identification and verification purposes. It explains how Innovatrics technologies extract and suggests how to store biometric data so that people don’t need to be worried about how their biometric data is managed and about the compliance with GDPR.

GDPR and Biometrics

In member countries of the European Union, the storage and usage of biometric data is governed by the General Data Protection Regulation (GDPR). Biometric data under GDPR is considered sensitive personal data. This means that it should be chiefly processed with the explicit content of the data subject and only for specific purposes.

What’s important for non-EU companies is the fact that GDPR rules govern the personal data of all EU citizens. Even non-EU companies have to adhere to them as long as they want to store data of EU subjects. Other countries do not have such comprehensive sets of rules governing biometric data. There were legal proposals such as the Facial Recognition Privacy Act in the US that attempt to provide a framework for the fair use of facial recognition technology. Similar acts are expected in other jurisdictions due to the technology’s increasing use. EU prepares its own directive to regulate AI, including facial biometrics, which can have global repercussions similar to GDPR.

Types of Data Under GDPR

Personal data:
any information relating to an identified or an identifiable natural person (name, ID number, location and other factors)

Sensitive data:
special category of personal data, that should require additional protection, explicit consent and good reason to collect them. These include:

  • Political opinions
  • Racial or ethnic origins
  • Religious beliefs
  • Health data
  • Genetic and biometric data
  • Sex life and sexual orientation

Continue reading in our White Paper. Fill the form on the top of the page and download free…

Biometrics and Personal Data