𝐁𝐢𝐨𝐦𝐞𝐭𝐫𝐢𝐜 𝐃𝐚𝐭𝐚 𝐨𝐟 𝐄𝐦𝐩𝐥𝐨𝐲𝐞𝐞𝐬 𝐢𝐧 𝐈𝐧𝐝𝐢𝐚- 𝐀 𝐆𝐫𝐞𝐲 𝐀𝐫𝐞𝐚 𝐮𝐧𝐝𝐞𝐫 𝐃𝐏𝐃𝐏𝐀,𝟐𝟎𝟐𝟑
The biometric data is stored by every employer for entry into premises and/or for marking presence on any given day in almost every organization.
Recently, the Italian Supreme Court held that it is necessary to obtain specific consent from employees for the use of biometric detection tools within companies.
Indian DPDPA,2023 is no exception to such requirement in as much as identified includes identifiers as well.
It is pertinent to understand that biometric data is often considered a “grey area” under data protection regulations due to its sensitive and unique nature. Biometric data refers to the physical and behavioural characteristics of an individual that can be used to identify or verify their identity. This can include fingerprints, facial recognition, iris scans, voice patterns, and even behavioural biometrics like typing patterns or gait analysis.
The sensitivity of biometric data arises from its potential permanence (biometric characteristics rarely change over time), its uniqueness (each individual’s biometric data is distinct), and its link to a person’s identity. Because of these factors, the processing and storage of biometric data raise specific challenges and concerns in the realm of data protection:
- Inherent Sensitivity: Biometric data is considered sensitive personal data because it is intimately tied to an individual’s identity. Un-authorized access or misuse of this data could lead to identity theft, fraud, or significant privacy breaches.
- Risk of Irreversible Breaches: Unlike passwords or PINs, biometric data is not easily changeable. Once compromised, an individual’s biometric data could be misused indefinitely.
- Consent and Control: Obtaining informed and explicit consent for processing biometric data is crucial due to its sensitivity. Individuals should have a clear understanding of why their biometric data is being collected and how it will be used.
- Security: The security measures for storing and transmitting biometric data must be robust. Encryption, secure storage, and authentication protocols are essential to prevent data breaches.
- Potential for Profiling: Biometric data can enable detailed profiling and tracking of individuals, raising concerns about surveillance and individual privacy rights.
- Cross-border Considerations: International transfers of biometric data are subject to strict regulations, especially when data is transferred to jurisdictions with different data protection laws.
- Biometric Template Storage: Some systems store a mathematical representation (template) of biometric data, rather than the actual data. However, there are still concerns about the security of these templates.
- Emerging Technologies: As biometric technology evolves, new concerns and challenges may arise. For example, deepfake technology could potentially be used to replicate someone’s biometric data.
Because of these complex considerations, Organizations that collect and process biometric data need to carefully navigate these regulations, ensure strong security measures, obtain appropriate consent, and prioritize transparency and individual rights. It’s important to stay informed about the evolving legal landscape surrounding biometric data and take a well informed legal guidance to ensure compliance.
It is time for Indian companies to have specific consent for specified purposes amongst many other explicit consent of usage and processing of data of employees.
For any query or feedback, please feel free to get in touch with dataprivacy@amlegals.com or mridusha.guha@amlegals.com
Navigation
Practice Areas
© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.
