Global biometric data collection and surveillance grow despite lack of regulations
Research firm Comparitech has released the results of its latest study on global biometrics gathering and handling. It ranks 96 countries based on the scope of biometric data collection, data handling, and data protection mechanisms. The highest and lowest scoring nations are then divided into two “top 5” groups that are ranked either ‘best’ or ‘worst’ depending on their biometric data collection and handling practices.
Comparitech’s report titled ‘Protected: Biometric data: 96 countries ranked by how they’re collecting it and what they’re doing with it’ differs from the company’s 2019 biometrics study in that its scope has been widened from 47 to now include 96 nations. The study’s expansion is no coincidence as it directly mirrors a new global trend towards increased government surveillance that is sharply accelerated by the ongoing COVID-19 pandemic.
Rise in biometric data collection, increased acceptance, and growing surveillance amid pandemic
The study found an overall rise in biometric data collected from travelers during airport checks and bank customers for authentication and identification. Furthermore, despite the lack of privacy legislation, growing biometric data collection initiatives are generally gaining worldwide acceptance. In addition to this, many countries have also been found to have increased their use of facial recognition technology through CCTV, adding yet another privacy concern.
A key pattern presented in the results was the growing acceptance of biometric data collection and surveillance due to the ongoing pandemic. The study found that the lowest-scoring countries were also those with the highest increase in Covid-related biometric collection measures. Examples of this are facial recognition used in drone surveillance in China or for fever detection and contactless payments in the USA.
GDPR legislation earned EU nations high marks for data protection
Within the 96 nations, EU members scored considerably higher data protection marks than non-member states thanks to their GDPR legislation.
Increased collection, surveillance, and lacking regulations common among the lowest-scoring nations
(1) China was ranked the top ‘worst’ in biometric data collection and data handling due to its extensive national biometric database that now also includes DNA, its invasive use of public facial recognition cameras, and its lack of workplace data protection.
(2) A surprising second place was awarded to the Central American nation of Costa Rica thanks to its growing use of facial recognition, its national biometric database, and the lack of privacy regulation.
(3) Iran has rapidly advanced its national biometric database and facial recognition in public spaces, earning a third-place thanks to increased surveillance. Lacking adequate data privacy regulation, Iran’s security forces have full access to data stored in the national biometric database.
(4) The United States shares fourth place with Saudi Arabia, the UAE, Bangladesh, the Philippines, and Uganda. The primary reason for this is the United States’ increased use of facial recognition technology and its continued lack of biometric data privacy legislation on the federal level.
(5) Iraq and Malaysia came in fifth as the two countries make extensive use of biometric IDs, databases, and facial recognition and lack any data protection laws.
The top 5 nations scored high mainly due to their lack of biometric data collection programs
The study ranked the following nations as ‘best’ in their overall biometric collection and data handling: (1) Turkmenistan, (2) Ethiopia, (3) Azerbaijan, (4) Portugal and Ireland, as well as (5) Guatemala, Luxembourg, Paraguay, Poland, Romania, Tunisia, and the UK. These nations received their marks either for their data protection regulations or the lack of biometric data collection initiatives.
Countries were scored based on 8 common criteria
The study used a reverse scoring system from 1 to 31 with 1 being the best score. Scoring methodology was initially built on a set of eight categories that could be commonly attributed to all countries. The first category contains a yes/no questionnaire examining a nation’s scope of biometric data collection. Questions determine the presence of biometric data in passports and IDs, data protection laws that specifically include biometric data, biometrics used in banking, as well as biometric voter registration programs.
The second category determines the presence and size of biometric databases. The third category examines the range of police access to biometric databases and the fourth measures the range of facial recognition and other surveillance used in CCTV. Workplace protections or the lack thereof constitute the fifth scoring category as they highlight how employee data is collected and handled. The sixth and seventh categories show the range of traveler biometric data collection for visa entry and obtaining visas. The eighth and last category checks whether biometric checks are conducted during border entry.
While the study originally included 100 nations based on their GDP, Comparitech decided to eliminate Qatar, Nepal, Macau, and Puerto Rico as there was not sufficient data available on them.
COVID-19 related scores determine the rise in biometric data collection due to pandemic
An additional category was created for this year’s edition of the report to determine the impact of COVID-19 on the use of biometrics. Countries were tested on whether they use biometrics for lockdown enforcement, medical use, contactless payment methods, facial recognition to trace contacts and enforce mask-wearing, border checks, and emerging tech such as AI robots.