FB pixel

FIDO Alliance stresses differences in MFA technologies, sensitivity of biometric data as GDPR takes effect

 

As the EU’s General Data Protection Regulation (GDPR) comes into effect, the FIDO Alliance has published a post outlining its perspective on the law, sharing three things that every organization should know about it.

The data protection safeguards GDPR requires of companies doing business with EU citizens are only complete, in FIDO’s view, if they include multi-factor authentication (MFA). The group says 81 percent of all breaches last year were due to weak or stolen passwords, but also warns that hackers have learned how to bypass first-generation MFA technologies, making it important to chose the right MFA solution.

GDPR’s requirement of consent from individuals to process their data also requires that organizations authenticate the identity of those individuals, FIDO points out. In the case of sensitive data, that consent must be explicit.

Finally, while biometrics can deliver strong personal authentication to help meet GDPR requirements, biometric data is classified as “sensitive” by GDPR. Therefore, any entity using biometrics must make sure that use is compliant, and that data is robustly protected.

FIDO also offers a whitepaper about using FIDO authentication for GDPR compliance (PDF).

Professors of Accounting Paul Sheldon Foote and Sumantra Chakravarty examined issues relating to biometrics and GDPR compliance in a recent guest post for Biometric Update.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events