Red Cross adopts new biometric data policy
Following a significant increase in the use of biometrics in different frameworks such as forensics, family link rebuilding or digital ID for remote and low-connectivity environments to improve humanitarian aid delivery, the International Committee of the Red Cross (ICRC) has adopted a new Biometrics Policy to ensure the ethical use of biometric technology and to focus on data protection roadblocks, the humanitarian organization announced.
A top issue the ICRC has is how to handle biometric data for beneficiaries and affected populations who could be put at risk if it is disclosed or used for purposes it was not collected for. The organization recognizes biometric data as sensitive personal data, and says protecting the personal data of its beneficiaries in necessary for the agency to preserve its neutrality, impartiality, independence, and status as an exclusively humanitarian organization.
The “Policy on the Processing of Biometric Data by the ICRC” document commits the organization to a regular review to keep up with changing technology and data protection norms. It sets out criteria for the legitimate basis of biometric data collection, purposes it can be used for, and the need for data minimization and Data Protection Impact Assessments. It also establishes five conditions which must all be met for any biometric data to be shared with any government or authority, including permission from the data subject.
In line with the ICRC Rules on Personal Data Protection, if beneficiaries do not want to provide their data, the ICRC will not make it mandatory.
The Policy on the Processing of Biometric Data was ratified in August 2019.