Characteristics of biometric data
According to the National Institute for Transparency, Access to Information and Protection of Personal Data (INAI), biometric data are the physical, physiological and behavioral properties of each person, for example:
- The fingerprint.
- The face.
- The shape of the ears.
- The chemical composition of body odor.
- Tone of voice.
To identify them, systems that analyze parameters derived from the direct measurement of a specific characteristic are used. An example of this is facial recognition, in which the distance between the eyes, the angle of the jaw and the length of the nose are measured.
<< Does IA violate citizens’ rights? >>
In addition, biometric data is unique and permanent, so it can be used to create better security protocols. Hence the interest in developing technologies capable of measuring them.
In fact, biometric systems make it possible to recognize the users of a public or private service. And such recognition involves comparing data in an automated way – with machine learning algorithms.
Protection of biometric data
In Mexico, personal data is protected by the Federal Law for the Protection of Personal Data Held by Private Parties and the General Law for the Protection of Personal Data Held by Obligated Parties.
Both laws mention that a person’s biometric data can only be accessed from:
- Your express consent.
- A court order.
- Public access sources.
- An emergency that puts someone’s life or property at risk.
Vulnerability of biometric data
What is currently in question is the safeguarding, use and interpretation of biometric data.
interpretation of biometric data
. Although there are laws in this regard, they have not prevented these data from being put to pernicious use on occasions.
For example, in some cases those who store personal data have not been careful enough to prevent their leakage and sale on the Internet, which undoubtedly violates the privacy of individuals.
In this regard, the reform approved by the Mexican Senate to create a biometric data registry of mobile telephone users is a matter of concern. In fact, INAI expressed its opposition and filed an action of unconstitutionality before the Supreme Court of Justice of the Nation.
It is also worth mentioning that since 2020 the National Banking and Securities Commission(CNBV) requires banks to capture the fingerprint of their users, in order to avoid identity theft in transactions.
These cases show that, although current regulations dictate that the processing of personal data is subject to the user’s consent, authorities and companies must treat this information more ethically and responsibly.
Processing of biometric data
In theory, users are not obliged to provide their biometric data; however, sometimes the provision of a service is conditional on it, as is the case with online banking.
Therefore, both the private sector and governments have to ensure the security of biometric data. They can start by following these recommendations for their treatment (based on the NACI guide on the subject):
- Principle of legality. To have a thorough understanding of the regulations: under what terms biometric data can be collected, stored and used.
- Principle of loyalty. Use legal and legitimate means to obtain biometric data, as well as verify that the privacy notice explicitly states the purpose of its collection.
- Principle of information. Communicate as an update to the privacy notice when biometric data transfers are required.
- Principle of consent. Request the tacit consent of the data subjects when the biometric data are not sensitive; on the contrary, when the data are sensitive, the consent of the data subjects has to be in writing.
- Principle of finality. Justify the request for biometric data and ensure that it is not used for purposes other than those originally established.
- Principle of proportionality. Prioritize non-biometric data and, if it is very necessary, use it sparingly and appropriately.
- Quality principle. Biometric data must be accurate, complete, relevant and up-to-date.
- Principle of responsibility. Mitigate risks in the implementation and use of technologies for the treatment of biometric data, in addition to implementing processes to guarantee their confidentiality.
Does your company collect biometric data? What security protocols do you use to protect them? As a user, have you ever felt vulnerable when you had to provide any of your biometric data?
Comment in the space below and subscribe to my blog to learn more about cognitive computing for business, as well as other topics of innovation and scientific technology applied to business.
Originally published in Jorge Pérez Colin Blog source