Do biometric technologies pose a threat to consumer privacy?

As such technologies become better, cheaper, more reliable, more accessible and more convenient, they will be increasingly introduced into the human ecosystem at all levels: for national identity cards, law enforcement agencies, physical access control, border control, logical access control, convenience, etc.

Although biometric technologies offer reliable tools for identification and authentication, their use raises concerns about a possible threat to people's privacy.

Biometric identifiers, whether they are facial features, voice timbre, fingerprints or eye structures, carry serious confidential information not only because these characteristics are personal, but also because they are permanent. One of the main advantages of technologies is that these characteristics are unique and unchangeable over the time.

At the same time, there is always the possibility of hacking computer networks, which entails the need to protect the collected biometric data from abuse and misuse during their collection, processing, storage and access. The public is also concerned about the rapidly developing possibilities of fraud by faking the system's sensors and using their inaccuracies in operation.

Major banks and Internet companies, which are pioneers in the use of biometrics, claim that they do not store real fingerprints or the results of iris scans — only authentication codes into which they are converted, but the frequent cases of data leaks call into question whether this can be a guarantee of confidentiality.

In case of theft of biometric identifiers, users may face serious threats to their security. A stolen credit card or bank account number can be replaced, but how can fingerprints, facial features, or the iris of the eye be replaced?

In addition, the automation of human identity authentication raises concerns about the possibility of using biometric systems for surveillance. Although the use of biometric technologies is not aimed at invading privacy, in many cases, the ways of creating, storing, comparing and linking digital data with other information about a person raise serious concerns about blurring the boundaries between privacy and security measures.

The same facial recognition technologies, which have become widespread in recent years, are called a «double-edged sword». Many argue that video surveillance and facial recognition systems play an important role in the fight against crime and help in solving other important tasks, and it is difficult to argue with this, but they also create problems and risks for privacy.

advertisers have been tracking our every movement on the Internet for a long time, and biometric technologies allow to track us in the real world. Every movement during a walk around the city can be recorded and stored in such profiles about personal preferences, financial status, political affiliation and health status of each person.

In order to avoid such distortions, it is necessary to further improve the legislation providing for liability for the misuse of personal data. Russia is actively working on the development of a Unified Biometric System (UBS), the functioning of which is regulated by Federal Law No. 482-FZ of December 31, 2017 «On Amendments to Certain Legislative Acts of the Russian Federation».

In February of this year, the media holding PLAS together with the company Iris Devices held an online event dedicated to the development and application of biometric technologies in the banking sector, the payment industry and retail trade. The RecFaces company acted as a partner of the event. During it, the issues of legislative regulation were analyzed and the most successful cases of using these technologies were considered.

Kirill Kosolapov, Project Manager, Ministry of Digital Development, Communications and Mass Communications of the Russian Federation, noted that Federal Law 479-FZ, passed on December 29 last year, expands the possibilities of using biometric technologies in the public sphere and regulates their use for commercial purposes.

Vitaly Kopysov, Innovation Director of SKB-bank, who spoke at the event, believes that it is the legislative acts passed at the end of 2020 that can give an additional impulse to the further development of the UBS, which, with the status of a state information system, has become a unified biometric system for Russian citizens, guaranteeing the protection of personal data. This means that the confidentiality of consumers can be guaranteed only with the help of an integrated approach, when technological innovations are used within the strict framework outlined by law. Nevertheless, despite all the concerns expressed by experts and public organizations from different countries about the threat of privacy, biometric technologies have much more advantages than disadvantages, and therefore the prospects for their use are quite obvious.