Biometric data: complying with data protection laws

read time: 2 min

What is biometric data?

Biometric data is a type of personal data which provides information about an individual’s physical characteristics. This includes facial recognition, retinal scanning and fingerprint scanning. 

In order to be compliant with data protection law, businesses must demonstrate how they comply with data protection principles. Businesses must also think if any plans to use biometric data correlate to data protection law - such as whether the biometric data is the most effective way to meet a business’ needs and if there are any less intrusive methods to achieve the same goal.

Advice from the Information Commissioners Office

The Information Commissioner’s Office (ICO) has provided draft guidance for businesses when using biometric data and biometric recognition systems. Although still in the consultation phase, the guide provides some important tips.

The guidance from the ICO also states that businesses must:

  • Complete a data protection impact assessment (DPIA) for any processing likely to result in a high risk to people’s rights and freedoms, as most uses of biometric recognition systems involve these criteria
  • Consider the likelihood and potential impact of specific risks that may occur and the potential for harm that may result
  • Ensure that there is understanding of how the system works and what its capabilities are – specialist advice may be required
  • Consider whether the system intending to be used involves privacy enhancing technologies (PETs) or whether these can be deployed alongside, for limiting the amount of personal data used
  • Establish who is the controller of the biometric information
  • Seek explicit consent as the valid condition for processing special category biometric data

Businesses can read the draft guidance here. The consultation on the guidance will run until 20 October. 

If you need help staying compliant with data protection rules, contact our privacy & data team for further information.

Sign up for legal insights

We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.  

Sign up