Digital ID group calls for biometrics code in NZ to avoid stifling innovation
Digital Identity New Zealand (DINZ), an organization making expert contributions to New Zealand’s digital transformation efforts, has underlined the need to prioritize an intense awareness and education program related to the intricacies of biometrics deployment in the country.
This call is contained in a submission by the group and it comes as the Office of the Privacy Commissioner (OPC) is considering a code of practice that will regulate the use of the technology that has become a common feature in the daily lives of New Zealanders, according to a DINZ news release.
From online ID verification to border control, to law enforcement, retail security, access control and attendance monitoring in offices and schools, the deployment of biometrics in growing by the day in New Zealand and users are also getting worried about the potential risks of the technology if it is deployed improperly.
“Our response focuses on striking a balance between protecting individuals’ privacy and allowing responsible government and business use of biometric data. We emphasize the importance of a thoughtful and well-informed approach to considering the potential for regulation of the use of biometrics, tailored to the unique challenges of this technology,” says Colin Wallis, DINZ executive director.
He adds that because biometrics are increasingly taking a preponderant place in the lives of citizens, the need for “demonstrable privacy and technical expertise, alongside practical experience combined with good design and implementation, are keys to great outcomes.”
In the submission, DINZ advises the OPC on five key things to consider as it figures out a biometrics code of practice.
On privacy protection, the organization believes that users can have assurance about adequate privacy protection if privacy impact assessment as sated in the Privacy Act 2020 is made mandatory. This, it says, will help “avoid unintended consequences, elevate industry standards and prevent subpar practices.”
Among other things, DINZ calls for clarification on which definition of biometrics should apply to New Zealand before a code of practice is considered, suggests that regulatory changes should primarily safeguard individuals’ privacy in identification and verification processes, advises OPC to exercise caution and avoid rushing into implementing a code of practice which could trigger a change towards “compliance behaviour” that will stifle innovation.
“The proposals for a code could suspend, reduce, or delay use of biometric information, to the detriment of information security and customer service,” DINZ writes in response to the OPC’s question about potential unintended consequences of its regulation. “The proposals could also stunt development and innovation that would in time improve the accuracy and acceptability of less well known/trusted use cases.”
A similar point about the risk of stifling biometrics innovation with overly restrictive regulation has also been made by, biometrics developers like FaceFirst, government officials, and even the International Association of Privacy Professionals.
The group also recommends that OPC collaborate with industry experts to co-create guidance on biometric information’s use in identification and verification.
Article Topics
biometrics | data privacy | Digital Identity New Zealand (DINZ) | New Zealand | New Zealand Privacy Commissioner | Office of the Privacy Commissioner (OPC) | regulation
Comments