Are We Protected? The Adequacy of Existing Legal Frameworks for Protecting Privacy in the Biometric Age

The creation of a record containing biometric data would, in most legal systems, engage laws governing when, how and by whom that record maybe accessed, stored, copied, destroyed, etc. However, there remain grave concerns amongst privacy advocates that existing privacy laws – which in many jurisdictions are general or 'principle-based' in nature – are insufficient to protect the individual from specific and distinct threats to privacy said to attach to biometric data. This paper will analyse the legal properties intrinsic to biometric data as against other established categories of protected data. The survey is cross-jurisdictional, with emphasis on the Hong Kong SAR.