Biometric data

How to use them without putting your privacy at risk



Definition and limitations

With the entry into force of the GDPR, together with the growing development of new technologies and related applications within the various social contexts, the use of tools capable of detecting biometric data has become increasingly frequent.

Art. 4 of the European Regulation defines biometric data "personal data obtained from a specific technical treatment relating to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification, such as facial image or fingerprint data".

Given this definition, it is useful to examine what are the limits related to their use, and what are the provisions of European legislation.

Art. 9 of the GDPR, paragraph 1, establishes a general prohibition on the processing of "biometric data intended to uniquely identify a natural person".

Biometric data are in fact by their nature - directly, uniquely, and in a stable way over time - connected to the individual, and in particular they can indicate the relationship between the body, behavior and identity of the subject.

The improper use of the same (or the use of inadequate protection measures) could therefore give rise to significant risks for the rights and freedoms of individuals, such as for example the discriminatory use of data and identity theft.



Impact assessment

Biometric data, if properly treated, can be very useful in today's society: to give an example, it could be a very useful tool in the prevention of fraud and unauthorized access.

However, the processing must be "privacy compliant" and only and exclusively the data necessary to achieve the purpose must be processed, avoiding the collection of superfluous personal data.
Va adottato in casi necessari e specifici ove non sussistano altre modalità allo stesso modo efficaci e meno invasive per raggiungere lo scopo e nel pieno rispetto dei diritti e delle libertà fondamentali.

Sign up to our newsletter