MPs to assess potential future use for biometric data

Out-Law News | 14 Aug 2014 | 11:32 am | 1 min. read

The way in which biometric data could be put to use in future is to be scrutinised by a UK parliamentary committee.

The Science and Technology Committee said its inquiry would look at whether research in "biometric technologies" needs better government support and whether existing legislation effectively governs "the ownership of biometric data and who can collect, store and use it".

The Committee said it was seeking responses because more businesses are developing and using biometric data and associated technologies. This trend will continue as "finance costs" and "computational resources" required for their development and use decrease, it said.

"Some commercial uses are already mainstream," the Committee said. "Social media sites offer facial recognition software to assist users tagging uploaded photos, while accessing some mobile phones depends on fingerprint recognition rather than entering a passcode. Supporters contend that technologies relying on biometric data have transformed identity authentication. However, concerns continue to be raised about data protection, loss of privacy and identity theft."

The Committee said use of biometric data for authenticating individuals' identity has been predominantly used by government authorities for "security purposes", including restricting computer network access and tackling fraud.

It has asked for views on how biometric data "might ... be applied in the future" and on what the main challenges the government and industry faces in "developing, implementing and regulating new technologies that rely on biometric data". The adequacy of existing legislation and the importance of government identifying priorities for research into biometric technologies are also areas that the Committee is keen to hear views on.

Submissions to the inquiry can be made until midday on 26 September.

Guidelines issued by the UK government earlier this year envisages the use of biometric data in helping to verify individuals' identity prior to authorising online transactions for government services.

A report by Visa last year similarly identified the potential use of "biometrics" measurements to enable the automatic identification of individuals seeking to make digital payments. Guidance issued by the European Central Bank (ECB) on internet payment security this February gave credence to that view when it suggested fingerprints could be used to identify individuals during an identity proofing process and relied on to signal authorisation for transactions.

Last year a cyber security body in the US, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), identified vulnerabilities in passwords used to access medical devices. It said passwords could be strengthened by requiring biometric information as part of the user authentication process.