ABSTRACT
The rapid and continuous advancement of biometric technologies, from fingerprint recognition to facial scanning and DNA testing, has revolutionized security, verification and identification systems in various sectors. But the collection and use of biometric data has risen many privacy concerns of serious nature and is also been misused. Use of the biometric data should be done in such a way that no one‟s privacy is breached. It cannot be misused in any way. Nowadays the use of biometric data is a big concern and also an area of discussion when these data can be protected in a significant manner. This paper will deal with the concept of biometric data and the types of biometric data, along with its use. Further the thorough analysis like Personal Data Protection Bill, General Data Protection Bill and other specific regulations, this paper will explore the complexities of biometric data protection. This paper will strike the balance between leveraging biometric technology for security and the protection of individual rights. Further how the biometric system works in India along with the legal challenges faced and its impact on the individual‟s privacy.
At last the paper will cover the challenges enforcing the Biometric Data Protection. It will argue for the stronger legal framework and regulatory mechanisms to ensure that biometric data is collected and used properly. It will provide the balancing invocations and legal safeguard for regulating biometric data.
KEYWORDS
Biometrics, Biometric Data, Privacy, Data Protection, Privacy Rights, Data Protection Laws, Data Security, Legal Frameworks.
INTRODUCTION
Biometric data have become an important tool for identity verification and security in the digital era, it is also useful for unlocking the smartphones and have access to various services. There are many ways to identify the people on the basis of facial recognition, fingerprints, iris scans etc. the incorporation of biometric technologies have improved security and convenience, it has also given rise to serious concerns about misuse, privacy and data protection. The government and private entities gather and store the sensitive data on a growing scale. So the legal frameworks governing the collection and storage of biometric data have become more important.
The study examines current laws, legal issues and how to strike a balance between the need for security and every individual‟s right to privacy as it relates to biometric data. It attempts to provide a detailed overview of the protection of biometric data, the legal gaps which exists and the ramification for individuals and organizations by analyzing the different national and international legal frameworks.
RESEARCH METHODOLOGY
In the light of aforementioned abstract, the Doctrinal Research Design will be adopted. This doctrinal research design will be used to conduct the study on the „Biometric Data and Privacy: Legal Perspective‟. The researcher will use a theoretical review on the topic by using relevant materials and its findings and other needful sources from the internet.
REVIEW OF LITERATURE
- Jain, A.K. Ross. A., & Pankanti, S. in the paper “Biometrics: A tool for Information Security” in his paper explores the role of biometrics in enhancing information security, emphasizing privacy concerns and the legal challenges associated with the collection and use of biometric data.1
- Chhabra, P. & Agrawal, R. in the paper “Privacy Implications of Biometrics Data; A legal Perspective” focuses on the legal implications of biometric data collection, discussing various privacy laws and regulations worldwide.2
- Black, J., & Sterling, L. in article named “The legal Framework for Biometrics: Privacy and Data Protection” provides a comprehensive overview of the legal frameworks governing biometric data, including data protection regulations, privacy rights, etc.3
BIOMETRICS
Number of technologies fall under the umbrella of the biometrics, which employs probable matching of identity of an individuals based on their biometric features. The characteristics or types of biometrics include psychological traits like fingerprints, face, hand etc. and behavioral traits like signature etc. The characteristics of biometrics are very unique to every individual. There are various other verifications like passwords, PINs, ID cards which are very less successful and can be less dependable rather than biometric data like facial recognition, fingerprints, etc. These biometric data are very difficult to share, replace or misplace. They are very useful in authentication and identification process.
1 Jain, A.K. Ross. A., & Pankanti, S., Biometrics: A tool for Information Security, IEEE Transactions on Information Forensics and Security, 2006
2 Chhabra, P. & Agrawal, R., Privacy Implications of Biometrics Data; A legal Perspective, Journal of Law, Technology & Policy, 2018
3 Black, J., & Sterling, L., The legal Framework for Biometrics: Privacy and Data Protection, Journal of Law and Information Technology, 2017
IMPORTANCE OF BIOMETRICS:
Biometric plays a very important role in the following ways;
- Authentication: Identity authentication is frequently accomplished through the use of biometrics. A few instances of this are the usage of facial recognition technology at airport smart gates or fingerprints and facial recognition to unlock the smartphones. The other term for authenticating people using biometrics is one-to-one matching. In this the person‟s biometric characteristics are compared to the data which the system has already on file for the individual. This is mostly used to identify the accused in crime. In this case the person has given the biometric data in the past for the sake of the future authentication. When the person makes to conversation with any organization or service, their biometric information is gathered and verified in the background. The example of this can be that when the person speaks with a customer support agent on the phone, their voice biometric may be gathered and verified. Majority of biometric authentication system require the user to actively provide a biometric feature, which is afterwards compared to pre-existing biometric data in the data base.
In the authentication use, the passive authentication is also possible. The use of behavioral biometrics for the passive authentication is growing frequently as a security measure. This entails monitoring and recording trends in a person‟s movements, behaviors or physical use. This includes the way anyone handles and manipulated a device like phone or any other thing where they are used to tap the screen with the help of their fingers.
- Identification: Sophisticated technology called biometric identification uses a person’s distinctive bodily traits to confirm their identity. Usually, the procedure entails taking a biometric sample, such a fingerprint or a facial feature, and comparing it to a database that has previously recorded biometric data. Complex algorithms that can precisely match the biometric data to a person’s identification are used for this comparison. In criminal investigations, law enforcement frequently uses biometric identification to identify suspects. For instance, the identification of a suspect can be ascertained by using face recognition technology to match photographs of the suspect taken from CCTV video with a database of known offenders. In a similar vein, suspects can be identified by fingerprint recognition technology by having their fingerprints compared to a database of known
offenders. By matching the biometric information of victims of terrorist attacks or natural catastrophes with a database of missing people, it may also be utilised to identify such individuals. High levels of security and precision are offered by biometric identification systems in a variety of applications, such as national registries, border control, and law enforcement. A biometric identification system’s parts function as a whole to offer a dependable and safe identifying procedure.
TYPES OF BIOMETRIC IDENTIFICATION SYSTEM:
FINGERPRINTS RECOGNITION: The most widely used biometric identification system is one that uses fingerprint recognition technology. It recognises individuals based on the distinct ridges and valleys on their fingers. The minutiae points, or the places where scars start or end, are used to find fingerprints stored in the system. To create a minutiae template, these are further mapped with lines connecting them. The fingerprint is captured by the system, which then compares it to a template that has been saved.
FACIAL RECOGNITION: face traits, such the separation of the eyes, nose, and mouth, are used by face recognition systems to identify people. It takes a picture of the face and contrasts it with a template that is saved. These days, face recognition technology is used all over the world for a wide range of purposes, from personal protection and onboarding to identifying people in large crowds.
IRIS RECOGNITION: Iris recognition is an automated biometric identification technique that uses distinctive patterns seen in a ring-shaped area around each eye’s pupil. It is a very low false match rate identification approach that is incredibly accurate and dependable. According to NIST tests, Innovatrics’ iris identification algorithm is among the finest in the world.
RETINA RECOGNTION: Retinal recognition is a biometric system that identifies a person based on the distinct patterns on their retina. Through the use of an eyepiece on a scanner, an invisible beam of infrared light is projected into the eye to take an image of the retina using retina recognition technology. Retinal recognition technology is regarded as one of the safest biometric identification techniques. Applications for retinal recognition technology include law enforcement and border control. However, because of its high cost and requirement for specialised equipment, it is not frequently utilised.
- Security: Biometric security is a contemporary technique for identification and authentication that verifies an individual identity using different physical characteristics like facial recognition, iris, fingerprints etc. As these different qualities are very difficult to fake or duplicate, the biometric security systems are extremely depended in verifying a person‟s identity. Biometric security is an emerging revolutionary technology in the field of identification and authentication. Compared to other identification techniques like Passwords, PINs, ID cards etc., the biometrics are very unique and very hard to duplicate. The biometric security offers a practical and effective method of authentication. Only with the touch or scan the people can easily enter into any private spaces or devices without any need of physical tokens or passwords. These types of security will reduce the fraud or any identity theft in addition to saving the time and also helps in reducing the stress or remembering many passwords. The biometric security system requires multiple steps to operate. Basically the system uses experienced sensors or scanners to get an individual‟s biometric data. After this process the data is turned into a digital template, which further is used to create a different mathematical representation of the individual‟s biometric characteristics. For future use this template is safely kept in a data base. Whenever there is a need of an authentication, the system looks for the matches between the stored template and the sample that is presented. If both of them match, then the person is given access or verification.
The best illustration for biometric security is; if to enter into a secure building or unlocking a smartphone with using your fingerprints. The technology reads the fingerprints, than it compares with the template which was saved in data base and then the access is allowed if there is a match. The benefit of this is it removes the need to carry cards or to remember difficult passwords. To expedite the immigration process these techniques are used in the airports. Facial recognition can quickly verify the identity and improve border security by matching a traveler‟s face to their passport photo.
PERSONAL DATA PROTECTION BILL AND GENERAL DATA PROTECTION BILL:
The GDPR, which came into force in 2018 and applies to all entities that process personal data of individuals in the EU or offer goods or services to them, is widely considered as a comprehensive and progressive framework for data protection that balances individual rights with business interests. While there are some similarities between the Indian bill and the GDPR, such as with regard to the definition of personal data, the principles of data processing, the rights of data subjects, and the establishment of a supervisory authority, there are also some significant differences. State agencies and other public authorities are required to acquire consent and comply with all other regulations under the GDPR; there are no exemptions from this need. In addition, the GDPR offers legal recourse for any decision or action made by state agencies or supervisory bodies that impacts the rights of individuals.
The GDPR gives no authority to ban any platform that disobeys its rules. Rather, to guarantee compliance and settle disagreements, it depends on communication and collaboration between supervisory authorities and data controllers or processors. When information comes to extraterritorial application, the GDPR is more expansive than the Indian law. The GDPR covers organisations that process personal data of individuals as well as those who provide products or services to people in the EU or keep an eye on their activity. Regarding several elements of data protection, including data protection by design and by default, impact assessments, reporting of data breaches, codes of conduct, and certification procedures, the GDPR contains more precise and thorough rules than the Indian law.
The PDPB 2023 does not provide the data principal the right to data transfer or the right to be forgotten, in contrast to the GDPR. In the event of non-compliance, the GDPR levies severe fines of up to 4% of worldwide annual revenue or 20 million euros, whichever is larger. But under the PDPB 2023, penalties for failing to implement security measures to stop data breaches may be double that amount, at the very least. There is no definition of anonymised or de-identified data in the PDPB 2023. However, it may be concluded that anonymised data is not included in the definition of personal identification, which is defined as “any data about an individual who is identifiable by or in relation to such data.” A bit more usefully, the GDPR makes this clear and also lists the criteria to take into account when figuring out whether or not someone may be fairly recognised.
SUGGESTIONS
You can see that there is a complex legal web to manage if biometrics are used in your organisation. The following are the salient points. Make sure all of your business correspondence is securely preserved, particularly if it includes biometrics. People should be informed when you acquire biometric data and about the intended use of such data. Asking for express approval is preferable whenever it is possible. Finally, do not provide biometric information to any outside parties. Laws protecting biometric privacy are continually developing and growing. Stay informed on changes occurring at the state and federal levels.
There are several pragmatic and policy concerns when biometric technology are used to boost national security. Selecting the appropriate technology is crucial in order to fulfil the objectives and privacy demands of a particular application. People must not instill a false feeling of security in biometric systems in order for them to offer security. The technology’ shortcomings and limitations must be recognised, and solutions must be taken into account. It is not possible to view the systems as the ideal security instrument and consequently the ideal resolution. Instead, biometrics—whether used in one layer or multiple—are just one more instrument in a multi-layered security strategy. They are not a cure-all, but they may be very helpful in defending the United States of America, thus they shouldn’t be maligned as bad technology.
CONCLUSION
India‟s new privacy bill is a welcome step towards safeguarding the privacy rights of its citizens in an increasingly digital world. However, it also raises some concerns about its potential impact on civil liberties and online freedom. It remains to be seen how it will be implemented and enforced, and how it will compare to other global standards such as the GDPR in practice. That said, when it comes to data protection, it is never too early to start limiting personal data collection to what you absolutely need and to fully understand what kinds of personal data you have in your systems. Private AI can help accurately identify and redact personal data in 49 different languages from text, audio, documents, and images.
Strict legislative frameworks are desperately needed to protect people’s right to privacy in light of the legal issues surrounding the usage of biometric data in India. The difficulty is in addressing these issues as biometric technology develops and becomes more widely used in several industries. India would adequately assure maximising the benefits flowing from biometric data while being dedicated to the preservation of privacy and raising data protection standards if it could walk the tightrope of negotiating this legal quagmire. The use of biometric data in India will ultimately depend on how well this delicate balance is maintained, with the country leading the way in innovation and building confidence in the digital space. In this instance, India’s deployment of strong regulatory initiatives, such as those pertaining to data protection, consent, and transparency, can strike a balance. This should include precise instructions on how biometric data is to be collected, stored, and shared. Additionally, a body that oversees compliance and addresses violations or improper uses of this private data might be established. By taking this action, India lays a solid platform for the appropriate use of biometric data, guaranteeing that individual privacy rights are not negatively impacted while preventing technological advancement.
REFERENCES:
- Jain, A.K. Ross. A., & Pankanti, S., Biometrics: A tool for Information Security, IEEE Transactions on Information Forensics and Security, 2006
- Chhabra, P. & Agrawal, R., Privacy Implications of Biometrics Data; A legal Perspective, Journal of Law, Technology & Policy, 2018
- Black, J., & Sterling, L., The legal Framework for Biometrics: Privacy and Data Protection, Journal of Law and Information Technology, 2017
- Personal Data Protection Bill, 2023
- General Data Protection Bill
6) https://link.springer.com/chapter/10.1007/978-94-007-7522-0_3
7) https://www.legalserviceindia.com/legal/article-16240-understanding-our-biometric-and- privacy-laws-.html
Aakanksha Rajdev Marwadi University.