While biometric data, such as facial scanning and fingerprints, means you can skip passwords, it can also raise security concerns.
Imagine you’re going to a grocery store and instead of taking out your wallet to pay for your sandwich, you wave your hand over a little scanner.
It may sound futuristic, but every day more than 3 million people in the US give their biometric data to Amazon with this technology.
According to experts, the biometric industry, which got a boost from the COVID-19 pandemic, will continue to grow due to the increasing use of smartphones.
While governments are turning biometric passport And facial recognition at borders – There is no longer any real choice for citizens wishing to retain their personal information – companies that want to collect their users’ personal data must still ask permission.
from your giving Iris scan in exchange for crypto To boarding a train with facial scanWe’ll look at what biometric data is and why you might want to keep it private.
What is biometric data and why is it used?
Biometric data is any data related to your body that can identify you.
While facial recognition and fingerprints are some of the most commonly used features, gait analysis, analyzing a person’s gait, and Amazon’s “palm signatures” also use biometric data.
Apple was one of the first companies to move toward commercial use of biometric data with Touch ID in 2013, giving users the possibility to use their fingerprint to unlock their phone.
Today, it uses the TrueDepth camera for Face ID recognition. A sensor on your phone projects approximately 30,000 invisible points onto your face and creates a unique 3D map captured by an infrared camera. You will be able to unlock your iPhone only if your face matches the map stored on your device.
Essentially, companies in sectors such as security, healthcare, finance and technology are using biometrics because it is more secure than passwords or identity documents.
“Biometric data overcomes some of the problems that occur with passwords,” said Melissa Goldstein, an associate professor at the Milken Institute School of Public Health at George Washington University.
For example, Amazon boasts about its Palm Payment System One, which is “100 times more secure than scanning two irises” and that the company “after millions of interactions between hundreds of thousands of enrolled identities” Haven’t seen false positives. ,
Should you share your biometric data?
According to data experts, giving out personal data is not worrisome in itself, but we need to be concerned about how that information is being used.
Christopher Weatherhead said, “If I’m giving my data specifically to Amazon to process payments and then it’s added to a machine learning model that’s used to develop some other technology, I don’t agree with that.” If I am, I feel betrayed.” Technology lead at Privacy International, a UK-based charity focusing on online privacy.
Last year, the tech giant came under fire for sharing personal data With the police 11 times without user’s consent Because he felt there was an emergency.
Experts also point to the risks of hacking and the fact that once your biometric data is compromised, it is very difficult to change it.
“Biometric means it’s linked to your body and it’s safe because it’s your body. But then once it’s on the database, it’s out,” Goldstein said.
The worst-case scenario involving biometric data involves medical fraud, but according to the professor, the benefits of making a payment with your palm or opening your phone with your finger may outweigh the risk of your data being hacked.
“People are willing to share their data in exchange for what they perceive to be a benefit,” Goldstein told Euronews Next.
“You and I may define benefits differently than other people, so it’s up to each of us to make our own decision about what is a benefit and what is a burden.”
Biometric data in Europe
In Europe, biometric data falls under the General Data Protection Regulation (GDPR), the EU’s data privacy rules.
“Lawful consent is a specific requirement of the GDPR,” said Felix Mikolasch, data protection lawyer at the nonprofit NOYB, the European Center for Digital Rights.
Speaking to Euronews Next, he explained that this means every company collecting data in the EU (even if operating from outside the bloc) must explicitly ask for consent and the approval must be valid.
“Valid consent has specific requirements, it must be free, specific and informed. You need to know what you are consenting to, where this data is going and how it will be used later. Consent must also be able to be withdrawn, and this will include that the data will subsequently be deleted”.
Last year French, Greek, Italian and U.K. Data officers fined each ClearviewA US company is creating a facial recognition database from images on the internet, including social media, after finding it violated the GDPR.
Twitter And no details were given about the collection.