• Gemalto is now part of the Thales Group, find out more.

Biometrics: authentication & identification (definition, trends, use cases, laws and latest news) - 2019 review


Average reading time: over 10 minutes

Biometrics is the most pertinent means of identifying and authenticating individuals in a reliable and fast way, through the use of unique biological characteristics. ​​​​​​​​​​​​​

biometrics

In this in-depth overview of biometrics you’ll get answers to these questions:
  • What does biometrics mean?
  • What are the types of biometrics? (examples of biometrics)
  • Why biometrics?
  • Who invented biometrics? (history of biometrics)
  • What is biometrics used for? (use cases in 7 major domains)
  • Is biometrics accurate and reliable?
  • Why is biometrics controversial?
  • And much more
So if you want to go from biometrics beginner to pro, this guide is for you.
 
Let’s get started.

What is biometrics?

Biometrics allows a person to be identified and authenticated based on a set of recognizable and verifiable data, which are unique and specific to them. 

Biometric authentication is the process of comparing data for the person's characteristics to that person's biometric "template" to determine resemblance. 

  • The reference model is first stored in a database or a secure portable element like a smart card. 
  • The data stored is then compared to the person's biometric data to be authenticated. Here it is the person's identity that is being verified. 

In this mode, the question being asked is: "Are you indeed Mr or Mrs X?"​

Biometric identification consists of determining the identity of a person. 

  • The aim is to capture an item of biometric data from this person. It can be a photo of their face, a record of their voice, or an image of their fingerprint. 
  • This data is then compared to the biometric data of several other persons kept in a database. 

In this mode, the question ​is a simple one: "Who are you?"

To know more about our biometric technology​ and solutions, visit our product pages.

Biometrics: trends

​Faced with document fraud and identity theft, with new threats such as terrorism or cybercrime, and faced with the changes in international regulations, new technological solutions are gradually being implemented. 

One of these technologies, biometrics, has quickly established itself as the most pertinent means of identifying and authenticating individuals in a reliable and fast way, through the use of unique biological characteristics. 

Of course, increased public acceptance, massive gains in accuracy, a rich offer, and falling prices of sensors, IP cameras and software make it all the easier to install biometric solutions. Today, many applications make use of this technology. 

Biometric identification

What is biometrics? Definition and examples

Biometrics is the science of analyzing physical or behavioral characteristics specific to each individual to be able to authenticate their identity.

If we were to define biometry or biometrics in the most simple sense,  we would say the "measurement of the human body". 

There are two categories of biometrics:

​Physiological measurements 

They can be either morphological or biological. These mainly consist of fingerprints, the shape of the hand, of the finger, vein pattern, the eye (iris and retina), and the shape of the face, for morphological analyses.

For biological analyses, DNA, blood, saliva or urine may be used by medical teams and police forensics.

Gemalto celebrates a decade of support for West Virginia University's growing Department of Forensic and Investigative Science. The lab, created in Oglebay Hall, is now equipped with a professional Gemalto Cogent Automated Finger Identification System​ (AFIS), 24 workstations for finger/palm analysis, 3 Livescans for enrolling prints, an Integrated Ballistics Identification System (IBIS), and a teaching station. 

​Behavioral measurements

The most common are voice recognition, signature dynamics (speed of movement of pen, accelerations, pressure exerted, inclination), keystroke dynamics, the way objects are used, gait, the sound of steps, gestures, etc. 

The different techniques used are the subject of ongoing research and development, and, of course, are being constantly improved. 

To see how behavioral biometrics​ is gaining momentum in Banking, visit our web dossier.

However, the different sorts of measurements do not all have the same level of reliability. 

Physiological measurements are usually considered to offer the benefit of remaining more stable throughout the life of an individual. 

For example, they are not as subject to the effects of stress, in contrast to identification by behavioral measurement. 

What is biometrics? Types of biometrics: some examples of physiological and behavioral measurements

When was biometrics first invented?

Biometrics addresses a longstanding concern to be able to prove one's identity, irrefutably, by making use of what makes one different.

Going as far back as prehistoric times, man already had a feeling that certain characteristics such as the trace of his finger were sufficient to identify him, and he "signed" with his finger.

But let's be honest. There's more.

The truth is that biometrics - and the relationship between man and technology - is a fascinating topic. 

See how Holywood has been reinventing biometrics since the 1960s in our blog post (Holywood and biometrics).

History of biometrics​

In the second century B.C., the Chinese emperor Ts'In She was already authenticating certain seals with a fingerprint.

In the 19th century, Bertillon took the first steps in scientific policing. He used measurements taken of certain anatomical characteristics to identify reoffending criminals, a technique that often proved successful, though without offering any real guarantee of reliability. 

This budding use of biometrics was then somewhat forgotten, only to be rediscovered by William James Herschel, a British officer, to be used for an entirely different purpose. Having been put in charge of building roads in Bengal, he had his subcontractors sign contracts with their fingerprints. An early form of biometric authentication and a sure way of being able to find them more easily if they defaulted.

  • In the UK, the Metropolitan Police started the use of biometrics for identification in 1901. 
  • In the US, it was initiated by the New York police in 1902 and by the FBI in 1924. 
  • The French police started to initiate the same process in late 1902.
The measurement of unique patterns (aka behavioral biometrics)  is not new either. It goes back to the 1860s. Telegraph operators using Morse code recognized each other by the way they would send dash and dot signals. 

 During World War II allied forces used the same method to identify senders and authentication messages they received.

 This is the basic principle of biometrics: to identify a person based on certain unique characteristics.

Biometrics is growing fast, particularly in the field of identity documents. It is generally combined with other security technologies such as smart cards.

Biometric authentication

Identity and biometrics

There are three possible ways of proving one's identity: 

  1. Using something you possess. Until now, this was something relatively easy to do, whether it was by using the key to one's vehicle, a document, a card, or a badge.
  2. Utilizing something you know, a name, a secret or a password.
  3. By means of what you are, your fingerprint, your hand, your face.

The use of biometrics has many benefits. 

The leading one is the level of security and accuracy* that it guarantees. In contrast to passwords, badges, or documents, biometric data cannot be forgotten, exchanged, or stolen, and cannot be forged. 

*According to calculations made by Sir Francis Galton (Darwin's cousin), the probability of finding two similar fingerprints is one in 64 billion even with identical twins (homozygotes). 

It is in this sense that biometrics is inextricably linked to the question of identity.

Where is biometrics used? Use cases 

Historically, applications using biometrics have been predominantly initiated by authorities for military access control, criminal or civil identification under a tightly regulated legal and technical framework. 

Today, sectors including banking, retail, and mobile commerce are demonstrating a real appetite for the benefits of biometrics.

Most importantly, awareness and acceptance in the public have been boosted in the past 6 years as millions of smartphone users are unlocking their phones with a fingerprint or a face.
 
But what’s so special about biometrics?
 
Again, biometric systems are great wherever identification and authentication are key.
 
Let’s quickly review the most typical use cases of biometric technologies:
  1. Law enforcement and public security (criminal/suspect identification)
  2. Military (enemy/ally identification)
  3. Border, travel, and migration control (traveler/migrant/passenger identification)
  4. Civil identification (citizen/resident/voter identification)
  5. Healthcare and subsidies (patient/beneficiary/healthcare professional identification)
  6. Physical and logical access (owner/user/employee/contractor/partner identification)
  7. Commercial applications (consumer/customer identification)

#1 Law enforcement and public security

Law enforcement biometrics are referring to applications of biometric systems that support law enforcement agencies. 

This ​category can include criminal ID solutions such as Automated Fingerprint (and palm print) Identification Systems (AFIS). They store, search and retrieve, fingerprint images and subject records.​ 

Today Automated Biometric Identification Systems (ABIS) can create and store biometric information that matches biometric templates for face, finger, and iris. Discover the work of ​​forensic analysts​ in our video.

Live face recognition - the ability to do face identification in a crowd in real-time or post-event - is also gaining interest for public security – in cities, airports, at borders or other sensitive sites such as stadiums or places of worship.  

These surveillance systems are being tested and/or used in many countries. They are however challenged and sometimes put on hold (read: California bans law enforcement from using facial recognition).

#2 Military - Know your enemy

Much is unknown about how defense agencies around the world use biometric data.

The fact is that information is difficult to come by and share as it is not public.

The United States military has been collecting faces, irises, fingerprints, and DNA data in a biometric identification system since January 2009. The biometric program started as early as 2004 and initially collected fingerprints.

The Defense Forensics and Biometrics Agency (DFBA) is managing the system, known as the DoD Automated Biometric Information System.

According to OneZero (6 Nov 2019), the 7.4 million identities in the database are, for the vast majority, coming from military operations in Iraq and Afghanistan.

For the period 2008-2017, the DoD arrested or killed 1,700 individuals based on biometric and forensic matches (US Government Accountability Office web site - see page 2/59). 

In the first half of 2019, biometric identification has been used thousands of times to identify non-U.S. citizens on the battlefield.

biometrics use case

#3 Border control, travel, and migration

The application which has been most widely deployed to date is the electronic passport (e-passport), particularly with the second generation of such documents also known as biometric passports, on which two fingerprints are stored in addition to a passport photo. 

Over 1.2 billion e-passports are in circulation in 2019. That means over 1.2 billion travelers have a standardized digital portrait in a secure document. It's a windfall for automatic border control systems (aka e-gates) but also for self-service kiosks. 

  • This speeds up border crossing through the use of scanners, which use the principle of recognition by comparison of the face and/or fingerprints. 
  • Check-ins and bag-drop solutions also increase speed and efficiency while maintaining high levels of security

Needless to say, that for airports and airlines, providing passengers with a unique and enjoyable travel experience is a business priority.

Biometrics provides here irrefutable evidence of the link between the passport and its holder

  • Biometric authentication is done by comparing the face/fingerprint(s) seen/read at the border with the face/fingerprints in the passport micro-controller. If both biometric data match, authentication is confirmed. ​​​​
  • ​Identification, if necessary, is done with the biographic data in the chip and printed.

Besides, many countries have set up biometric infrastructures to control migration flows to and from their territories. 

Fingerprint scanners and cameras at border posts capture information that helps identify travelers entering the country in a more precise and reliable way. In some countries, the same applies to consulates to visa applications and renewals.

Data acquisition requires reliable equipment to ensure optimum capture of photos and fingerprints, essential for precision during comparison and verification.

We describe in details three examples of such application:

​#4 Healthcare and subsidies

Other applications exist, chiefly national identity cards, widespread in European and Middle East countries or Africa for ID and health insurance programs, such as in Gabon. 

With these biometric ID cards, fingerprints are used to confirm the identity of the bearer of the card before he or she is given access to governmental services or healthcare. 

Why is it so?

In Gabon for example, even before the program started, it was clear to everyone that all resources should be implemented to avoid the health cover program turning into a center of attention for the citizens of neighboring countries and to ensure that the generosity of the program would not lead to its collapse through the fraudulent use of rights. 

Hence beneficiaries are individually identified so that access to care can be reserved for them. It has been decided that the identification of insured parties will be nominative with the implementation of a Gabonese individual health insurance number. 

Civil data, a photograph of the holder and two fingerprints are digitized within the microprocessor ensuring the encryption and protection of this data. 

The health insurance card is used in hospitals, pharmacies, and clinics, to check social security rights whilst protecting the confidentiality of personal data. Checks are performed using terminals with fingerprint sensors.

#5 Civil Identity, population registration, and voter registration

AFIS databases (Automated Fingerprint Identification System), often linked to a civil register database, ensure the identity and uniqueness of the citizen to the rest of the population in a reliable, fast and automated way. 

They can combine digital fingerprints, a photo and an iris scan for greater reliability.

Civil identity and population registration

India’s Aadhaar project ​is emblematic of biometric registration​​. It is by far the world's largest biometric identification system and the cornerstone of strong identification and authentication in India.

Aadhaar number is a 12-digit unique identity number issued to all Indian residents. This number is based on their biographic and biometric data (a photograph, ten fingerprints two iris scans).

1.246.717.934 people have an Aadhaar number as of 04 November 2019, covering more than 99% of the Indian adult population. 

Yes, you read that right: it's over 1.24 billion people.

Initially, the project has been linked to public subsidy and unemployment benefit schemes but it now includes a payment scheme.

According to  Finance minister Arun Jaitley in his speech of 1 February 2018, Aahaar is providing an identity to every Indian that has made many services more accessible to the people. 

It has reduced:

  • Corruption, 
  • Cost of delivery of public services,
  • Middlemen.
biometric voter registration.jpg
Biometric voter verification at work: identification with bar code, verification with fingerprint.

Voter registration

​Biometrics can also be key for the "one person, one vote​" principle. To know more about this aspect please visit our web dossier on biometric voter registration​.​

#6 Physical and logical access control

Biometric access control systems help to prevent unauthorized individuals from accessing facilities (physical access control) or computer systems and networks (logical access control) based on biometric authentication.

In IT, biometric access control can be a complementary user’s authentication factor and supports organizations’ Identity and Access Management (IAM) policies.

Unlike codes, passwords or access cards that rely on data that can be forgotten or lost, biometric authentication is based on who people are (and not what they have).

In the mobile world, smartphones (a form of IT system) now usually include fingerprint and/or facial recognition features.

The iPhone 5 was first to introduce fingerprint recognition in 2013 (with TOUCH ID) and facial recognition became trendy with the iPhone X introduced in November 2017 (with FACE ID). Today many Android phones have this feature (combined with iris scanning) too.

According to Counterpoint, more than 1B smartphones with fingerprint sensors have been shipped in 2018 and that 1B smartphones will ship with some form of face unlock solution in 2020.

#7 Commercial applications

KYC (Know Your Customer) or KYC check is the mandatory process of identifying and verifying the identity of the client when opening an account and periodically over time. (source: what is KYC? – Gemalto).

It is today a major element in the fight against financial crime and money laundering.

With the use of biometrics, banks, fintech organizations or even telecom operators can make customer mandatory KYC checks (Know Your Customer) faster and more efficiently using biometrics.

In India, the use of Aadhaar-based KYC for mobile connections and bank accounts is authorized (Aadhaar amendment act July 2019).

Retailers can leverage facial recognition to identify a premium customer or a  former shoplifter as soon as they come into the store. if the system recognizes one, it sends an alert to the store manager.

The technology is a powerful marketing enabler or can be applied to policing.

That’s what UK’s The Guardian claims (04 August 2019) as it states that it has become pointless to report shoplifting to the police in the country. Retailers have to find solutions to tackle an estimated £700m ($900m)  loss. They turn to facial recognition solutions.

According to the NYmag web site (October 2018), U.S. retailers are using facial recognition too.

Almost all the top U.S. companies have facial recognition in their agenda or have at least investigated its potential. Wallmart dropped it, Target is not communicating on it, Lowe’s is using the technology and Saks Fifth Avenue is using it in Canada.

However, privacy laws as in Illinois, Texas, Washington and soon California (in January 2020) will pose a serious challenge to these efforts.

In Europe, the problem with the GDPR is that it does not clearly say what you can and can’t do with a facial-recognition system.

Civil liberties groups want an embargo on the technology and a precise democratic debate about the place that facial biometrics should take in our lives."We should decide as a society" summarizes WIRED (August 2019 video).

The debate is not over. Stay tuned.

Visit our web dossiers to learn more on current trends in biometrics and privacy, consent, and function creep

The biometrics market 

The global biometric market is expected to top USD 50 billion by 2024 according to Global Markets Insights.

Non-AFIS will account for the highest biometrics market share, exceeding USD 18 billion till 2024. 

Biometric applications in security and government sectors of North America are driving the regional market trends. The study claims, North America with the U.S. at the helm will represent more than 30% of the overall biometrics industry share by 2024. 

Asia Pacific will also be witnessing solid growth. Governmental initiatives like CRIC (China Resident Identity Card) and the push for facial recognition or India's Aadhaar have deeply favored the commercialization of the biometrics industry in APAC.

Why multimodal biometrics?

Biometrics offers a broad range of techniques and can be used in a wide variety of different domains, ranging from State security to the comfort of individuals. 

These technologies​ are mainly used in the sectors of forensic identification, identity management, as well as for  biometric access control​ both in private and public institutions. The effectiveness of this technology is closely linked to the use of data processing. Data is stored in files to enable rapid and reliable identification, which in turn guarantees both comfort and security. 

The most well-known techniques include fingerprints, face recognition, iris, palm​ , and DNA-based recognition. Research is currently opening the way for new types of biometrics, such as ear shape or facial thermography. 

To increase security and accuracy, multimodal biometrics combines several biometric sources. 

Multimodal biometric systems usually require two biometric credentials for positive identification such as face and fingerprints instead of one​. They can overcome limitations ​ commonly encountered in unimodal systems. 

For several years now, the use of several biometric features in combination, for example, the face and the iris or the iris and fingerprints, has made it possible to reduce error rates considerably.

biometric security Biometrics can also enhance multi-factor authentication (MFA). Geolocation, IP-addresses (the device being used) and keying patterns (the biometric element) can create a powerful combination to securely authenticate users.

Advantages of biometrics

Whatever the method, what all these biometric techniques have in common is that they all collect human characteristics which are:

  • Universal, as they can be found in all individuals
  • Unique, as they make it possible to differentiate one individual from another
  • Permanent, allowing for change over time
  • Recordable (with or without consent)
  • Measurable, allowing for future comparison
  • Forgery-proof (a face, a fingerprint)

Who needs biometrics?

A better question would be: what for?

The simple truth is​ that solutions are related to the challenges to be met.​ 

The justice system, for example, must take the necessary time to identify a criminal and cannot accept the slightest error. It will not be worried about a long and costly process. 

An everyday individual will seek to protect their personal property and have access to it easily, at a reasonable price. 

Governments and public administrations are in their case confronted with multiple issues at once. 

Just think about it.

  • They have to make it easier to cross borders while controlling illegal immigration, fight terrorism, cybercrime or electoral fraud.
  • They need to issue documents compliant with new international standards and regulations, guarantee the security of systems for the production, check of such documents, and data interoperability.
  • And all this should be done within the limits of their budgets.  

On this scale, only an innovative approach to global security which makes use of technological solutions and process which are adapted to the challenges to be met can enable States to effectively address the issues they face and provide them with the means of building trust.​

Is biometrics reliable?

Biometric authentication relies on statistical algorithms. It, therefore, cannot be 100 %-reliable when used alone. 

"false rejections" or "false acceptances"

​What's the story here?

  • In one case, the machine fails to recognize an item of biometric data that does, however, correspond to the person. 
  • In the reverse case, it assimilates two items of biometric data that are not from the same person. 

"False rejection" or "false acceptance" are symptoms that occur with all techniques used in biometrics. 

How accurate is biometrics?

​What's the problem? 

Why would biometrics not be accurate?

Think about this one minute again.

The technical challenges of automated recognition of individuals based on their biological and behavioral characteristics are inherent to the transformation of analog (facial image, fingerprint, voice pattern...) to digital information (patterns, minutiae) that can then be processed and compared/matched with effective algorithms.

Fingerprints

There are about 30 minutiae (specific points) in a fingerprint scan obtained by a live fingerprint reader. 

The US Federal Bureau of Investigation (FBI) has evidenced that no two individuals can have more than 8 common minutiae.

Recognition decisions in biometric systems have to be taken in real-time and, therefore, computing efficiency is key in biometric apps.

It is not the case in biometric forensics where real-time recognition is not a requirement. 

Facial recognition

Facial recognition is the most natural means of biometric identification. The face recognition system does not require any contact with the person. 

The 1200 million electronic passports​ in circulation in mid-2019 provide a huge opportunity to implement face recognition at international borders. 

And the algorithms are getting extremely accurate with Artificial Intelligence. 

According to a 2018 NIST study, massive gains in facial recognition accuracy have been made in the last 5 years (2013- 2018). 

NIST found that 0.2% of searches, in a database of 26.6 m photos, failed to match the correct image, compared with a 4% failure rate in 2014. It's a 20x improvement over four years

The risks of error are related to very different factors. 

  • Take the example of a person with their biometric characteristics. We have noted that particular biometric techniques were more or less well suited to certain categories of persons. The difficulties are related to ergonomic factors of which we do not yet have a firm grasp or understanding. A certain system may work for women, but less well for men, or young people but not for older people, for people with lighter skin, but less well for those with darker skin. 
  • Other difficulties arise in particular with facial recognition, when the person dyes or cuts their hair, change the line of their eyebrows or grows a beard. We can imagine cases of "false acceptance" when the photo taken modifies distinctive character traits in such a way that they match another item of biometric data stored in the database. 
  • Other errors are also possible depending on the technologies used during the biometric enrollment phase. A verification photo taken with a low-quality model of camera can noticeably increase the risk of error. The accuracy of the identification relies entirely on the reliability of the equipment used to capture data. 
  • The risk of error also varies depending on the environment and the conditions of application. The light may differ from one place to another, and the same goes for the intensity or nature of background noise. The person's position may have changed. 

Also, in a biometric control application, the rejection or acceptance rate are intertwined and can be tuned according to an acceptable level of risk. It is not possible to modify one without impact the other one. 

Why is it so?

In the case of a nuclear plant access control application, the rate of false acceptance will be extremely reduced. You don't want ANYONE to enter by chance.

This will also impact the rate of false rejections because you will tune the system to be extremely accurate

You will probably use several authentication factors including a valid ID in addition to biometrics (single mode or multimodal).

According to the Keesing Journal of Documents & Identity (March 2017), 2 complimentary topics have been identified by standardization groups.

  • Make sure the captured image has been done from a person and not from a mask, a photograph or a video screen, (liveliness check or liveness detection) ​
  • Make sure that facial images (morphed portraits) or two or more individuals have not been joined into a reference document such as a passport.

Can facial recognition systems be fooled in 2019? 

If you want to know more, read our September 2019 web review on top facial recognition trends​.

​Other biometric devices: Tokens & biometric cards 

 Biometrics suffers from the fact that the matching algorithms cannot be compared to the hashes of passwords, as we said.

This means that two biometric measures cannot be compared with each other without them, at some point, being "in plaintext" in the memory of the device doing the matching. 

Biometric checks must, therefore, be carried out on a trusted secure device, which means the alternatives are to have a centralized and supervised server, a trusted biometric device, or a personal security component.

Smart ID cards

This is why tokens and smart cards (IDs or banking cards now) are increasingly used as the ideal companions for a biometric system. 

Biometric identity card The South African electronic ID card uses biometrics.
 

Numerous national identity cards (Portugal, Ecuador, South Africa, Mongolia, Algeria, etc.) now incorporate digital security features, which are based on the "Match-on-Card" fingerprint matching algorithm. 

Unlike conventional biometric processes, the "Match-on-Card" algorithm allows fingerprints to be matched locally with a reference frame thanks to a microprocessor built into the biometric ID card and without having to connect to a central biometric database (1:1 matching). 

Biometric sensor cards

Biometric card
A biometric payment card with a sensor (where the thumb is)

Another form of delivering a safe and convenient way to authenticate people has been enabled with the integration of fingerprint scanner into smart cards.

These biometric sensor cards open up a new dimension in identification with an easy-to-use, portable and secure device.
They are being launched in 2018 for the first time by the Bank of Cyprus and Gemalto for EMV cards (contactless and contact payment). They use fingerprint recognition instead of a PIN code to authenticate the cardholder.

There's more.

The cards can also be tailored to support access, physical or online identity verification services.

As the user's biometric data is stored on the card, not on a central database, customer details are highly protected if the bank was to suffer a cyber-attack. Likewise, if the card was to become lost or stolen,  the holder's fingerprint could not be replicated.

Put it in another way: the biometric identifiers are checked locally and protected, as they are stored solely on the card. They never leave the card.

Biometric security

Biometrics can fulfill two distinct functions, authentication and identification as we said. 

Identification answers the question "Who are you?". In this case, the person is identified as one among a group of others (1: N matching). The personal data of the person to be identified are compared with the data of other persons stored in the same database or possibly other linked databases. 

Authentication answers the question: "Are you really who you say you are?". In this case, biometrics allows the identity of a person to be certified by comparing the data that they provide with pre-recorded data for the person they claim to be (1:1 matching). 

These two techniques solutions call upon different techniques. 

Identification, in general, requires a centralized database which allows the biometric data of several persons to be compared. 

Authentication can do without such a centralized database. The data can simply be stored on a decentralized device, such as one of our smart cards. 

For data protection, a process of authentication with a decentralized device is to be preferred. Such a process involves less risk. 

The token (ID card, military card, health card​) is kept in the user's possession and their data does not have to be stored in any database. 

Conversely, if an identification process requiring an external database is used, the user does not have physical control over their data, with all the risks which that involves. 

Why are biometrics controversial​?

Biometric security offers many advantages (to strongly authenticate and identify) but is not without controversy.​ This is linked to privacy and citizen's ability to control information about him/herself.​​

2 types of risks can be identified: 

  • The use of biometric data to other ends (aka function creep) than those agreed by the citizen either by service providers or fraudsters. As soon as biometric data is in the possession of a third party, there is always a risk that such data may be used for purposes different to those to which the person concerned has given their consent.
    There may thus be cases of unwanted end use if such data is interconnected with other files, or if it is used for types of processing other than those for which it was initially intended. 
  • The risk on the biometric database and data presented for biometric checks. The data can be captured during their transmission to the central database and fraudulently replicated in another transaction. 

The result is a person losing control over their data which poses major risks in terms of privacy. 

In practice, data protection authorities seem to give preference to solutions that feature decentralized data devices. 

For Gemalto, whether it is a matter of biometrics or not, the identity of a person, provided by their country, should be under his/her control. 

Want to see how biometric data are protected around the world?

Biometric and legal frameworks

Biometrics and data protection

 The "United Nations Resolution" of 14 December 1990, which sets out guidelines for the regulation of computerized personal data files does not have any binding force. 

​On a more global basis, legal deliberations thus rely to a very large extent on provisions relating to personal data in the broad sense. But such provisions sometimes prove to be poorly adapted to biometrics. ​

On the contrary, the new EU regulation replaces the existing national laws as of May 2018.

The General Data Protection Regulation is directly applicable in all 27 Member States of the European Union and the UK as of May 2018.  

And biometric data are clearly defined and protected.

Can this really be true?​ Yes.

In a nutshell, it establishes:

  1. A harmonized framework within the EU, 
  2. The right to be forgotten, 
  3. "Clear" and "affirmative" consent
  4. Serious penalties for failure to comply with these rules. 

It should be pointed out that outside the European Union the level of protection differs depending on the legislation in force. Assuming – that is – that there is any such legislation... 

An example is the United States where 3 states (Illinois, Washington, and Texas) clearly protect biometric data and.. 47 don't. 

But things may move faster in 2019 and 2020.

The California Consumer Privacy Act is a major step forward for the country. It enhances privacy rights and consumer protection for residents of California and will be applicable as of 1 January 2020.

Why is it important?

The CCPA may serve as a model for a future federal legal framework.

To know more about biometric data protection in the EU and UK (GDPR), in the United States (CCPA) and recent changes in India, read our dossier dedicated to privacy regulations and biometric data​.

Putting biometrics to work for digital security

Gemalto possesses its technology, ​recognized worldwide, which, combined with its impartial stance on the source of biometric data, allows it to help everyone put their trust in the digital world.

An expert in strong identification solutions with more than 200 civil ID, population registration and law enforcement projects that incorporate biometric security, Gemalto can act as an independent force in proposing and recommending the most suitable solution in each case. 

Gemalto attaches a great deal of importance to the assessment of risks which may not always be visible to the general public, and to the capacity of private operators to manage such risks. Similarly, legal and social implications are also very important. ​

Though Gemalto keeps an open mind about biometric techniques, it remains no less convinced that, whatever the choice of biometric, this technology offers major benefits for guaranteeing identity.​

 Documents

 Case study

  • Automated Biometric Identification Systems (ABIS)

    Benefits of a Regional or Local Automated Biometric Identification System

    Automated Biometric Identification Systems (ABIS) have proven to be accurate and efficient in helping keep communities safe. But having a local or regional system can serve more granular needs than the state or country-wide system.

    Read more
  • Rhode Island’s Automated Fingerprint Identification System (AFIS)

    Gemalto advances Rhode Island’s Automated Fingerprint Identification System (AFIS)

    In 2015, the Rhode Island Office of the Attorney General, which oversees the Bureau of Criminal Identification (BCI), began work with Gemalto to build a faster AFIS

    Read more
  • Iris recognition at Bogota International Airport

    Gemalto's Biometric Authentication Technology Revolutionizes Automated Border Control in Colombia

    Iris recognition at Bogota International Airport facilitates secure border crossing in seconds

    Read more

 Related

The Portuguese ex​perience 

The Portuguese ex​perience

Biometrics with strict confidentiality

Read more