The use of biometric technology and artificial intelligence (AI), from fingerprint scanners to facial recognition, has become increasingly widespread, offering a range of benefits such as convenience, faster service, and improved security. As technology advances, so will the forms of biometric data that can be derived from individuals. Indeed, data relating to the physical or psychological characteristics of an individual have been around for several years, but data relating to behavioural characteristics are novel.
However, this also raises significant concerns about privacy, equity, and discrimination. The collection and use of biometric data can result in serious privacy violations, as well as exacerbating existing inequalities and biases. In addition, businesses that rely on biometric data face various risks, including data breaches and false positives, which can have serious consequences for both, business and individuals affected.
To address these concerns, there is a growing push for regulation of biometric technology and AI in both the US and the EU. Several states in the US have already enacted laws to protect employees' privacy rights in their biometric data, and there have been numerous class action lawsuits against employers, consumer-facing businesses, and technology companies for claimed violations of biometric privacy rights. In addition, lawmakers are increasingly weighing in on the debate, with some calling for stricter regulation of biometric technology and AI in the consumer domain.
This paper presents an analysis of the risks related to the misuse of biometrics and AI. It includes an examination of relevant case law and an overview of relevant regulatory measures, with a particular emphasis on the US and the EU. We start by outlining how biometrics are defined by law before examining some applications of biometrics and the harm they can bring without the appropriate safeguards. We then survey the regulatory landscape for biometric systems. Our main findings emphasize the importance of: i. regularly testing, evaluating, and auditing biometric systems; ii. implementing a robust risk-management framework; and iii. establishing a more standardized regulatory approach.
Schedule a call with one of our experts