With the entry into force of the GDPR, together with the growing development of new technologies and related applications within the various social contexts, the use of tools capable of detecting biometric data has become increasingly frequent.

Art. 4 of the European Regulation defines biometric data "personal data obtained from a specific technical treatment relating to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification, such as facial image or fingerprint data".

Given this definition, it is useful to examine what are the limits related to their use, and what are the provisions of European legislation.

Art. 9 of the GDPR, paragraph 1, establishes a general prohibition on the processing of "biometric data intended to uniquely identify a natural person".

Biometric data are in fact by their nature - directly, uniquely, and in a stable way over time - connected to the individual, and in particular they can indicate the relationship between the body, behavior and identity of the subject.

The improper use of the same (or the use of inadequate protection measures) could therefore give rise to significant risks for the rights and freedoms of individuals, such as for example the discriminatory use of data and identity theft.