FB pixel

Spanish data protection regulator targets 14 misconceptions about biometrics in technical note

Spanish data protection regulator targets 14 misconceptions about biometrics in technical note

Unauthorized access to biometric data in one system would allow the biometrics to be used in the rest of systems which use such data, the Spanish Data Protection Agency (AEPD) claims in a technical note on 14 common misconceptions about biometrics.

The note was developed in cooperation with the European Data Protection Supervisor (EDPS), and addresses what the AEPD says are misunderstanding people have about biometric technology.

According to the AEPD, some people believe biometric data is stored as an algorithm, and the agency clarifies that it is stored as a template, and the algorithm comes in when it is analyzed for identification and authentication processes. The AEPD also argues that biometric data is more intrusive than other identification and authentication methods, because it reveals more personal information about the subject, and also that it is probabilistic, rather than 100 percent accurate.

The AEPD also notes that biometric technology can not always differentiate between two people, that some people cannot use certain biometric systems due to their physical characteristics, and that biometric processes can be spoofed. The public availability of faces and other biometric factors means that biometric information is exposed, the regulator says.

AEPD believes that biometric identification and authentication are not safer for users than other methodologies, and that systems using only biometrics for authentication are inherently insecure, by definition, as single-factor systems. Biometric systems may not always be comfortable for users, and partial reconstructions from templates that may be sufficient to fool other biometric systems are possible, the note says.

Even if biometric data is converted to a hash, AEPD cites an article in the EURASIP Journal on Advances in Signal Processing which suggests it may be possible to obtain biometric data, or reverse the process.

The agency says the document is intended for data protection officers and others to help them understand the complexities of biometrics.

The AEPD warned businesses that facial recognition use as part of COVID-19 screening systems is only legal under GDPR under certain conditions.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


HHS removes Login.gov from grantee payment system after cyberattack

The U.S. Department of Health and Human Services has removed Login.gov from its grantee payment platform after a security breach…


City of Clemson pilots Intellicheck ID verification to prevent underage drinking

Identity verification provider Intellicheck and the city of Clemson have launched a 12 month pilot program that uses identity verification…


Rumors of liveness detection’s defeat have been greatly exaggerated

Photo and video face filters are perhaps the most mainstream use case for augmented reality –  and an illustrative test…


Companies House takes new measures to fraud fight, but not biometric IDV

Companies House, the UK’s business registry, has begun rolling out new tools to fight fraud and help cleanse the register…


Mitek: quarterlies, annuals, SEC actions

April 4, 2024 – Mitek is getting back on track with its financial reporting, which may be more reflective of the…


Jamaica parliament soon to receive draft digital ID regulation for scrutiny

Plans are being finalized to send the draft regulation on Jamaica’s digital ID program to the country’s parliament for examination…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events