FB pixel

More than consent needed for legal biometric data use: Spanish regulator

Spain’s Data Protection Agency issues guidance
More than consent needed for legal biometric data use: Spanish regulator
 

The Spanish Data Protection Agency (AEPD) has published a guide outlining how biometric data should be used for access control, according to an announcement translated from Spanish using Google Translate.

The document outlines criteria for the use of biometrics both inside and outside of the workplace. The document’s criteria complies with the GDPR and other regulatory frameworks.

The agency describes the processing of biometric data as high-risk and finds it necessary to establish a guide for its use as it grows progressively easier to gather larger volumes of biometric data, sometimes without their knowledge.

The guide notes that there must be a law authorizing the use of biometric data for access control for work purposes in order for it to be lawful for an entity to use an individual’s data for that purpose.

Obtaining consent alone does not automatically make it lawful for an entity to collect a person’s data, either. This would create an imbalance of power between the entity and the individual whose data is being used, the release notes. This rule is based on article 9.2.b of the GDPR.

Because biometric data is considered high-risk, an entity collecting the data needs to assess whether the purpose of collecting the data is necessary enough to warrant taking on such a risk. This rule is based on article 35.7.b of the GDPR.

In cases where it is lawful to collect biometric data, entities are still required to inform people about the risks associated with collecting biometric data. They are also required to implement data protection by design.

The AEPD fined Mobile World Congress earlier this year for violating GDPR with its deployment of face biometrics for attendee registration.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Global ID patents protocols for biometric device as identity credential

Finger vein recognition has drawn increasing attention from the biometrics community in recent years, with more patents being granted and…

 

Vida introduces biometric identity stack to fight fraud in Indonesia

As digital transformation accelerates globally, the threat of cybercrime continues to grow, driving demand in underserved countries. In Indonesia, homegrown…

 

EU gathers feedback on EUDI Wallet certification, implementation

As the European Union approaches the launch of its digital identity project, feedback on the certification of the conformity of…

 

ACI pushes back on Philippine national ID card contract cancelation

The Philippine government’s national ID system has come under scrutiny, as the Bangko Sentral ng Pilipinas (BSP) faces criticism for…

 

Brazilian digital ID firm Unico acquires Oz Forensics and Trully.AI

Brazilian digital identity unicorn Unico has announced more acquisitions. The selfie biometrics provider, backed by the likes of Goldman Sachs,…

 

Pakistan ID agency chair out after court rules appointment violates constitution

A legal standoff appears to be brewing between Pakistan’s military government and judiciary, after the Lahore High Court ordered the…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events