Recent searches
Search options
. @PrivacyPros@twitter.com #DPC22 session on Behavioural Biometrics starting now, featuring @EU_EDPS@twitter.com, @MoFoLLP@twitter.com's Lokke Moerel, @VivienneArtz@twitter.com & @ICOnews@twitter.com's @stephenbonner@twitter.com. Predicted focus is on authentication, but also relevant for other use cases, including Virtual and Augmented Reality 
Behavioural biometrics are patterns in human activities (e.g. keystrokes), while biometric data are bodily features (e.g. fingerprints). Can the former be seen as unique to an individual, rendering him/her identifiable? Could be used for authentication if combined with other data
Do they qualify as special categories of data under Art 9 GDPR? Not as biometrics, according to Moerel. @stephenbonner@twitter.com still sees them as highly sensitive, drawing from @ICOnews@twitter.com's recent guidance, notably if they allow inferring other types of special category data like religion
But having some behavioural biometrics falling off of Art 9 allows beneficial uses like fraud detection on the basis of legitimate interests, says @stephenbonner@twitter.com. @VivienneArtz@twitter.com calls for certainty on the definition of biometrics to legitimize good practices, applauding @ICOnews@twitter.com
Now, the @EU_EDPS@twitter.com stresses that the GDPR definition is contextual to data protection. He adds that operations on biometric data should be considered risky, also given the potential for interoperability and repurposing (e.g. EU large scale databases for migration control)