Use of biometrics. The Amazon case

Technology advances relentlessly, and our body is already a tool for doing things that were unthinkable a few years ago. Among them, some part of our body can act as a password to perform an economic transaction or to access facilities or applications.

It would seem that this use of biometric data would only bring benefits to our daily lives, but, as we have shown on other occasions, this is not always the case.

To use our biometric data is to leave the door open to our privacy, and thus, to our security.

Data protection regulations

Recall that biometric data are considered as special category personal data (specially protected), by the EU Data Protection Regulation 2016/679 (hereinafter, GDPR) and the Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights (hereinafter, LOPD – GDD), according to the provisions of Articles 9.1 of the GDPR and 9.1 of the LOPD – GDD.

Special category data may not be processed unless one of the following cases applies:

-The data subject gives his explicit consent to such processing, in accordance with the purpose specified by the Controller.

-The processing is necessary for the performance of obligations and the exercise of specific rights of the controller or the data subject in the field of labor law, social security and social protection, while respecting the fundamental rights and interests of the data subject;

-Processing is necessary to protect vital interests of the data subject.

-The processing of data of members of a foundation, an association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they are not communicated outside them without the consent of the data subjects;

-When the personal data has already been made public by the data subject with the consent of the data subject;

-The processing is for the purpose of formulating, exercising or defending claims or when the courts act in the exercise of their judicial function;

-The processing is necessary for reasons of essential public interest, respecting the limits imposed by data protection regulations and protecting the interests and fundamental rights of the data subject;

-The processing is necessary for occupational risk prevention purposes.

-The processing is necessary for reasons of public interest in the field of public health, protecting the rights and freedoms of the data subject, as well as professional secrecy;

-The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, respecting the limits imposed by data protection regulations and protecting the interests and fundamental rights of the data subject.

The AMAZON case

The industrial giant Amazon has just implemented palm reading as a payment method in its Amazon Go stores, taking a step further in the use of biometric data as a gateway to our financial data, as this palm reading is directly linked to a record of our bank account or credit card.

The first reason given by the company relates to the global pandemic situation: reading the hand avoids any contact with the reading device or with the people in the store where the purchase is being made.

On the other hand, in addition to convenience (which is a reality), there is security, since with hand reading, it is not possible to identify the person at first glance, as is the case, for example, with facial recognition.

The use of biometric data for shopping or any other activity that requires our consent or authorization (opening the car, shopping at the supermarket, banking, etc.) is, according to Amazon, the near future, and it is already a reality in the U.S. and Asia, since in these places data protection regulations are not as strict as in Europe (let’s remember the case of Facebook vs. as the best example of this).

AEPD’s position

On June 23rd of this year, the AEPD published a Technical Note on the “14 misconceptions regarding biometric identification and authentication”, in which it clearly states the risks of using biometrics as an additional security measure for our actions: in most cases it exposes us more than anything else, since biometric data say much more about us than what we can see at first glance.

The Agency also warned in this publication that biometric authentication systems are easily circumvented or breached, contrary to popular belief, with the consequences that this can have:

-Identity theft

-Reputational damage

-Economic or property damage

-Loss of confidentiality

Given that biometric data are nowadays more than just an identifier of our person, since they can also provide a profile of the person (consumption habits, purchasing power, sexual preferences, leisure, politics, etc.), the control body recommends combining the use of biometric data with another security element, whenever possible.

This security measure creates a double authentication system: a security breach may occur in the reading of biometric data, but it is unlikely to happen if a combined password or access card is also required, which makes this a strong security system.

Data Protection Valencia / LOPD Valencia

If you have any doubts about how the use of biometric data of customers, employees, visitors, etc. will affect your company, do not hesitate to contact us. We are an expert data protection company in Valencia / LOPD company in Valencia.


Contact us, we will be pleased to help you.