First universal privacy guidelines for biometrics

As the potential and application of biometric technology multiplies, making sure people’s privacy is protected has never been more important.

Every two years we update our Privacy Guidelines to make sure they reflect global changes in technology or legislation which impacts privacy. For the first time, these good practice guidelines include the significant international implications introduced by the General Data Protection Regulation (GDPR), applied to biometrics. They also fill in the gaps often left by GDPR to help you develop good practice on collecting, storing and processing data – responsibly.

We believe our 2019 guidelines are the first comprehensive, universal privacy guidelines for biometrics.

They are the result of extensive monitoring and consultation by our Privacy and Policy Expert Group, which comprises a broad spectrum of privacy experts from around the globe.

These guidelines are universal and applicable to you whether you are a supplier, researcher, operator, purchaser, manager or controller of biometric systems anywhere in the world.

The guidelines, first introduced to Biometrics Institute members in 2006, are made up of 16 principles ranging from non-discrimination to maintaining a strong privacy environment. They also contain a methodology to make planning, implementing and managing them straightforward, regardless of members’ maturity in using biometrics.

In March, we launched our Ethical Principles for Biometrics to guide members to act ethically, in the absence of international law. Our revised Privacy Guidelines reflect that emphasis on ethical action.

The 2019 update has taken into account developments including:

  • The General Data Protection Regulation (GDPR)
  • The increased reach and collection of personal data by social media platforms
  • The growth of artificial intelligence, drones and more sophisticated facial recognition systems
  • The widespread use of biometrics in border control, telecommunications, security and food and medical distribution in displaced persons groups

The guidelines cover:

  • Redress and complaints by people who have suffered discrimination, humiliation or damage as a result of biometric-related systems
  • Stronger privacy protection for data collection by automated systems, especially for minors and those with disabilities
  • Advice on managing subcontractors
  • The role of audits and privacy impact assessments
  • Managing data breaches
  • The right of citizens to have their biometric and record amended or deleted

We encourage you to use these guidelines to either evaluate your current privacy processes or as a tool to ensure you’re asking the right questions of your organisation as you first plan to use biometrics. If there are reasons why you are unable to follow the recommendations, we suggest you document these reasons, creating a robust audit trail for your implementation.  

Our Privacy Guidelines are only available to members. Please log in to our members’ area to read now.

If you are not yet a member, please contact us for more information on all our member benefits.


Lead the debate with us on the
responsible use of Biometrics