The use of biometric technology and artificial intelligence (AI), from fingerprint scanners to facial recognition, has become increasingly widespread, offering a range of benefits such as convenience, faster service, and improved security. As technology advances, so will the forms of biometric data that can be derived from individuals. Indeed, data relating to the physical or psychological characteristics of an individual have been around for several years, but data relating to behavioural characteristics are novel.
However, this also raises significant concerns about privacy, equity, and discrimination. The collection and use of biometric data can result in serious privacy violations, as well as exacerbating existing inequalities and biases. In addition, businesses that rely on biometric data face various risks, including data breaches and false positives, which can have serious consequences for both, business and individuals affected.
To address these concerns, there is a growing push for regulation of biometric technology and AI in both the US and the EU. Several states in the US have already enacted laws to protect employees' privacy rights in their biometric data, and there have been numerous class action lawsuits against employers, consumer-facing businesses, and technology companies for claimed violations of biometric privacy rights. In addition, lawmakers are increasingly weighing in on the debate, with some calling for stricter regulation of biometric technology and AI in the consumer domain.
This paper presents an analysis of the risks related to the misuse of biometrics and AI. It includes an examination of relevant case law and an overview of relevant regulatory measures, with a particular emphasis on the US and the EU. We start by outlining how biometrics are defined by law before examining some applications of biometrics and the harm they can bring without the appropriate safeguards. We then survey the regulatory landscape for biometric systems. Our main findings emphasize the importance of: i. regularly testing, evaluating, and auditing biometric systems; ii. implementing a robust risk-management framework; and iii. establishing a more standardized regulatory approach.
Schedule a call with one of our experts
DISCLAIMER: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; Holistic AI does not recommend or endorse the contents of the third-party sites.
Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, contributing law firms, or committee members and their respective employers.
The views expressed at, or through, this site are those of the individual authors writing in their individual capacities only – not those of their respective employers, Holistic AI, or committee/task force as a whole. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided "as is;" no representations are made that the content is error-free.
