FB pixel

Spanish data protection regulator targets 14 misconceptions about biometrics in technical note

Spanish data protection regulator targets 14 misconceptions about biometrics in technical note
 

Unauthorized access to biometric data in one system would allow the biometrics to be used in the rest of systems which use such data, the Spanish Data Protection Agency (AEPD) claims in a technical note on 14 common misconceptions about biometrics.

The note was developed in cooperation with the European Data Protection Supervisor (EDPS), and addresses what the AEPD says are misunderstanding people have about biometric technology.

According to the AEPD, some people believe biometric data is stored as an algorithm, and the agency clarifies that it is stored as a template, and the algorithm comes in when it is analyzed for identification and authentication processes. The AEPD also argues that biometric data is more intrusive than other identification and authentication methods, because it reveals more personal information about the subject, and also that it is probabilistic, rather than 100 percent accurate.

The AEPD also notes that biometric technology can not always differentiate between two people, that some people cannot use certain biometric systems due to their physical characteristics, and that biometric processes can be spoofed. The public availability of faces and other biometric factors means that biometric information is exposed, the regulator says.

AEPD believes that biometric identification and authentication are not safer for users than other methodologies, and that systems using only biometrics for authentication are inherently insecure, by definition, as single-factor systems. Biometric systems may not always be comfortable for users, and partial reconstructions from templates that may be sufficient to fool other biometric systems are possible, the note says.

Even if biometric data is converted to a hash, AEPD cites an article in the EURASIP Journal on Advances in Signal Processing which suggests it may be possible to obtain biometric data, or reverse the process.

The agency says the document is intended for data protection officers and others to help them understand the complexities of biometrics.

The AEPD warned businesses that facial recognition use as part of COVID-19 screening systems is only legal under GDPR under certain conditions.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

More US airlines, airports moving toward biometrics for security, baggage

From Denver to Salt Lake City to Dubai, biometrics and digital ID are being activated to improve security and efficiency…

 

Isle of Man govt plans public consultation on introduction of FRT at ports

The Isle of Man continues to debate the introduction of facial recognition and identity documents to boost security at its…

 

Scottish review calls for clearer standards for police in biometric data retention

The Scottish government, in partnership with the Scottish Biometrics Commissioner, has published a detailed review of biometric data retention practices…

 

North Korean mobile service apps rely on facial recognition

North Korean citizens are required to submit face biometrics to subscribe to mobile services through the official apps of North…

 

Integrated Biometrics, GripID release ‘smallest multimodal biometric device’

Shaped and sized like a modern TV remote or an early iPod Nano, the new multimodal biometric scanner from GripID…

 

Aware has parted company with CEO Robert Eckel

Robert Eckel is resigning as CEO of Aware. The Massachusetts-based biometrics company has filed a form with the United States…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events