Joris DeeneThe use of biometrics has been on the rise recently. In particular, access control for buildings or devices is increasingly done through facial recognition or fingerprints.
The General Data Protection Regulation (GDPR) designates such data as personal data and specifically defines biometric data in Article 4, 14° as "personal data which result from a specific technical processing with respect to the physical, physiological or behavioral characteristics of a natural person such that unambiguous identification of that natural person is possible or confirmed, such as facial images or fingerprint data."
Higher protection is accorded to such biometric data as Article 9.1 labels them as a special category of personal data. Accordingly, such data may be processed only if special conditions are met.
On December 6, 2021, the Data Protection Authority (GBA) a recommendation On the processing of biometric data.
In this recommendation, the GBA focuses primarily on:
- the principles regarding biometrics;
- The relevant data protection principles; and
- how these principles are applied to such processing operations.
It follows from the analysis of the GBA that since there is no legal standard in Belgian law authorizing the processing of biometric data for the authentication of individuals, and insofar as explicit consent cannot be invoked, such processing currently takes place without a legal basis.
How can we assist you as a lawyer?
Are you planning to process biometric data and in doubt about the lawfulness of such processing? We will assist you as a lawyer and give you advice on this matter.
Dutch 
English
Post comments