The Need for a Consistent Legal Regulation of Biometric Data

Several initiatives have been taken in the past for self or co-regulation of biometric data use, which are briefly described. The concepts of privacy by design (PbD) and privacy enhancing technologies (PETs) which are also important in the Reform proposals and their implications for biometric systems are also discussed and explained in this Chapter. The author estimates however that these previous initiatives were not convincing and argues in favour of the adoption of specific legislation for biometric data processing. Such legislation should contain not only the criteria identified in the previous Chapter VII, as based on the practice of the data protection authorities examined in Chapter V, such as in relation to the storage and the use of templates, but also comprehend additional recommendations. These are for example the use of revocable, unlinkable and irreversible biometric identities and the need for additional transparent information about biometric systems to the data subjects.