Beyond fingerprints: Iris scan as biometric identification in an AI-dominated world

Beyond fingerprints: Iris scan as biometric identification in an AI-dominated world

Beyond fingerprints, the iris scan as biometric identification has emerged as one og the highly reliable options within the biometric data area.

The use of fingerprints by police forces dates back to the end of the 19th century, marking a milestone in the history of criminal investigation. Since then, fingerprint identification has been a fundamental tool in solving crimes and identifying people all over the world, becoming the recognition method par excellence in police environments.

Beyond this field, we can find this method of identification implemented in certain companies, workplaces or even gyms.

Fingerprints are defined as biometric data, considered as special category data in accordance with the GDPR. Although the processing of biometric data is a priori restricted by Article 9.1 of the GDPR, its processing is accepted when the data subject gives his consent or when the processing of such data can be based on specific grounds such as ”for reasons of public interest in the field of public health” or ”for reasons of public interest in the field of public health”.

What is biometric identification?

Biometric identification is an advanced technological system that relies on the use of an individual’s unique physical traits or behaviors to accurately verify his or her identity.

Unlike traditional passwords or ID cards, biometric identification uses inherent characteristics of individuals such as fingerprints, iris, facial recognition, voice or even handwriting patterns to authenticate people.

This method offers greater security reliability, as it is extremely difficult to forge or steal, and has found applications in a variety of fields, from IT security and access control to identity management and fraud prevention.

Biometric identification methods and legal requirements

Among the most common methods are fingerprint identification; facial recognition, which uses algorithms to identify distinctive facial features such as the arrangement of eyes, nose and mouth used in video surveillance cameras in certain countries; retina or iris identification is based on the unique patterns in the colored part of the eye; or voice recognition evaluates features in speech, such as frequency and pitch.

Even handwriting can be used as a biometric method, analyzing the strokes and speed of a person’s handwriting.

The legal requirements for using biometric identification methods may vary depending on the purpose of the processing and the basis of legitimacy for the processing.

First, and with few exceptions, the informed consent of the individuals whose biometric data is to be collected and used is required. This means that individuals must be fully informed about how their biometric data will be collected, stored and used, and must give their voluntary consent for their data to be processed.

Secondly, the collection and use of biometric data requires organizations that collect and store such data to ensure that these data are protected and that applicable privacy regulations are complied with.

Among the obligations set out therein are transparency and duty of disclosure in relation to how biometric data is collected and used. This includes providing clear information on the purpose of collection and how the data is stored and used.

Ensuring the rights of Individuals so that their data subjects can exercise their rights under the GDPR, i.e., among other rights, to request access, correction or deletion of their biometric data if they so wish.

The iris as biometric identification: legal implications

Retinal identification is an advanced biometric method based on the unique pattern of a person’s retina. This technology uses specialized devices to capture a high-resolution image of the retina, which is then analyzed and stored for later comparison and verification.

Due to the complexity and uniqueness of retinal patterns, retinal identification is extremely accurate, difficult to forge and, because it requires the collaboration of the individual for scanning, a priori, less vulnerable to theft by physical attack.

Moreover, this technique is especially useful in situations where high security is required, such as in national security environments or in applications for access to critical facilities.

It is precisely the high reliability of identification that has encouraged Sam Altman, creator of OpenAI, to propose retinal identification as a solution for humans to be distinguished from Artificial Intelligence.

As Artificial Intelligence advances, the ability to imitate human behavior becomes more complex and, therefore, credible. Just look at some of the many deepfakes that use the image or even the voice of celebrities to emulate cover versions of songs that they have never actually sung.

Beyond this, there are already AI applications that can identify passwords typed only with the sound of the mobile keyboard, with an accuracy of up to 95%.

Worldcoin, defined as a ”decentralized Open Source Protocol” founded with the aim of being a financial and identity network, is developing a new universal private digital identification system. It currently offers free iris scanning for new users in exchange for a free token.

The identification system uses a device called ”Orb” to scan people’s retinas quickly and easily. Once the person’s retina is scanned, their digital identity is created on the Worldcoin blockchain, called World ID.

Some of the risks that have been warned about are the possible tracking of people and their activities by being associated with their digital identity, discrimination against certain groups of people with physical disabilities, among others.

Despite obvious privacy and intimacy risks and an unreported security breach last May by WorldCoin that led to access to the World IDs of registered individuals, more than 2 million users have already given their consent to process their biometric data in exchange for a Worldcoin token.

This digital identification will allow them to verify that they are physical and human persons and not an artificial intelligence.

In short, biometric data is a useful tool to proceed to the identification of persons, however, it is necessary to carry out an assessment and implement the adequate measures to comply with privacy regulations in relation to the processing of this data.

At Letslaw by RSM we are expert lawyers in privacy and data protection, so we will be happy to help you solve any doubts you may have in this regard.