Biometrics are at the forefront of cutting-edge new security technology. Biometrics is the collection of biological features that make an individual completely unique. Fingerprints, facial structures, and even voices can serve as biometric security measures.
Many devices are now synced to only one user, needing to read a fingerprint or face before allowing you access. In places where security is of the utmost importance — like government buildings and airports — the use of biometrics has made its way into security and surveillance measures.
In ExpressVPN’s summary, though, it becomes clear that some drawbacks come along with using biometrics. Increased concern over privacy is at the top of the list. This concern should be a top priority for the general public, but also for businesses.
Violating Privacy With Biometrics
Increased security on our devices and greater convenience come along with the use of biometrics, but past events have shown there’s a risk to our privacy as well. In 2019, during protests in Hong Kong, biometrics were used to identify protestors. Later, those protestors were then penalized by the government.
It’s easy to believe that similar tactics won’t be used closer to home, but in recent weeks, we’ve seen similar tracking using biometrics with cases of COVID-19. There is a genuine concern that biometric technology will move from an asset to the people into a weaponized technology used against them by the government.
We’re already seeing biometric technology used to track and identify those who are considered problematic by the government. As the technology becomes more readily available and more people continue to employ biometric measures on social media platforms, the temptation to dip into databases and use those biometrics will be strong. Protecting that data and preventing business and government overstep will be crucial.
Legal Advancements with Biometrics
Fortunately, the law is beginning to catch up with the concerns related to biometrics. Precedents are being set, and companies are being held accountable for their choices. Recently, Facebook faced a 650 million dollar fine in a privacy-related lawsuit that was linked to their facial photo-tagging feature. In other words, using facial recognition technology — biometrics — to track users’ activities.
In the United States, there are no federal laws concerning biometrics and privacy. While the private sector has embraced the biometric trends, the government has moved away from relying on biometrics. Recently, the IRS even dropped the use of biometrics to log in to their online platform. This decision was made in the wake of lawmakers and privacy experts pushing for less intrusive ways to establish or confirm identity.
Back in 2008, Illinois was at the front of the pack when it became the first state to put a biometric data privacy law in place. Currently, there are five states in total that boast such laws, but only California and Illinois allow for private right of action. With biometric technology improving every day and becoming a more well-known issue, similar laws will likely follow.
For those who live in the European Union, there is the General Data Protection Regulation (GDPR). The GDPR is a legal framework that’s been put in place to guide the appropriate use of the collection and processing of biometric data. The GDPR doesn’t just impact those who live in the EU, though. Any website, regardless of where it is operated from, is required to follow those guidelines if EU users are visiting it.
The GDPR includes not just stipulations about identifying when biometric data is being collected, it also requires notification if databases containing such information have been compromised. As we move forward in a world where biometrics become more commonplace, businesses and entities will need to pay attention to regulations in their immediate area as well as around the world.
The Future of Privacy and Biometrics
Biometrics is undoubtedly a part of the future when it comes to cybersecurity. As we move forward and biometrics are pervasive, it’s essential to consider how you can responsibly store and use biometrics — both yours and those that belong to others. Always use privacy statements that explicitly state what data is being collected and how it’s being used. Monitor your databases closely and act promptly in the event accounts are compromised.
