ARTICLE
12 June 2024

Protecting Biometric Data From An AI-Rich Environment

Ka
Khurana and Khurana

Contributor

Khurana and Khurana logo
K&K is among leading IP and Commercial Law Practices in India with rankings and recommendations from Legal500, IAM, Chambers & Partners, AsiaIP, Acquisition-INTL, Corp-INTL, and Managing IP. K&K represents numerous entities through its 9 offices across India and over 160 professionals for varied IP, Corporate, Commercial, and Media/Entertainment Matters.
Explore
Our world is undergoing a transformation as a result of the confluence of artificial intelligence (AI) and biometrics.
India Privacy
Person photo placeholder
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

Introduction

Our world is undergoing a transformation as a result of the confluence of artificial intelligence (AI) and biometrics. While these technologies do offer up new avenues for creativity, they also put us in a position where we face enormous issues regarding our privacy. Biometric data, which is a collection of our individual physical characteristics (such as our fingerprints, face, and voice), has emerged as a strong instrument in the field of artificial intelligence (AI), with applications ranging from the protection of smartphones to the provision of customer support. 2On account of the fact that the phrase "biometric data" is used very often in the current news cycle, it is simple to ignore the extent to which the utilization and gathering of biometric data has gotten widespread. At the present time, it is projected that the worldwide market for biometric data collecting is roughly $30 billion, and it is anticipated that this industry would rise to over $76 billion by the year 2029. The collecting of biometric data has become a regular event in our everyday lives.

This includes the use of face recognition to unlock our phones or pass through airport security, palm scans to pay for groceries, and voice recognition conducted by smart devices such as Amazon Alexa. The United States Department of Homeland Security (DHS) has gathered the face, iris, and fingerprint scans of more than 259 million individuals, which is equivalent to more than 78% of the total population of the United States. This is an indication of the widespread use of biometric data collecting.3

Biometric Data Security, AI-Rich Environment, Privacy Protection, Sensitive ,Information, Data Safeguarding, Threat Mitigation, Cybersecurity, Strategies AI Threats Information Privacy

Advantages of Using Biometric Information

In an ever-changing and fast-paced world, the recently discovered ubiquity of biometric data may be partially explained by the benefits that it offers:

  • Individuals do not need to remember passwords, personal identification numbers (PINs), or carry identification cards since biometric data is an intrinsic part of the individual. This makes it more convenient for individuals.
  • Biometric data offers a higher level of protection than conventional security measures, such as passwords and personal identification numbers (PINs), since it is more difficult to hack or spoof biometric data.4

Risks of biometric data

On the other hand, the very same elements that make biometric data so beneficial also give rise to significant problems, and the improper use of biometric data may have very detrimental effects.

The key to your digital identification is the information that is taken from your biometrics. In the event that it is compromised, it opens the door to a wide variety of possible dangers:

  • Theft of identity - unlike passwords, you are unable to update your biometric data; if hackers are successful in gaining access to your biometric data, they will have a key that they may use to impersonate you eternally.5
  • In the context of surveillance and monitoring, biometric data may be used for surveillance without authorization, which can result in a significant violation of an individual's right to privacy.
  • Because of the abuse of this technology, governments and organizations have the ability to follow the movements, activities, and behaviors of people without obtaining their agreement.6
  • Deep fakes and misinformation – Deep fake technology, which makes use of artificial intelligence and biometric data, may make it possible for cybercriminals to create highly realistic images or videos of people saying or doing things that they have never done. These images and videos can be used to spread misinformation, manipulate public opinion, or even falsely incriminate individuals.7

Trust is the foundation of biometrics.

In many cases, the utilization of biometric data is contingent upon a two-way exchange between individuals and third parties. Individuals provide their agreement to have their biometric data gathered and used, and third parties guarantee that the obtained biometric data will only be utilized for approved reasons. In the event that this trust is violated and third parties utilize biometric data for purposes that are not allowed, what consequences would ensue? Moreover, even if you have faith in the organization that is collecting your biometric information, are you able to have faith in all of the partners that they share data with? 8

Considering that we are progressively putting our personal biometric data in the hands of technology powered by artificial intelligence, we are confronted with a fundamental question: how can we protect our most private information in the digital realm? The solution could be found in the intricate interplay between intellectual property and data privacy.9

Present Regulatory Environment

In many cases, the technological frontiers are much ahead of the related legal environment, and the field of biometrics is not an exception to this rule. In the present moment, there is no comprehensive federal rule that oversees the collecting and use of biometric data. Instead, the states have been given the responsibility of enforcing regulations in this particular domain. Legislation that covers the collecting and use of biometric data by private organizations has been enacted in the states of Illinois, Texas, and Washington. As an example, the Illinois Biometric Information Privacy Act (BIPA) mandates that organizations that collect, utilize, and keep biometric data must comply with a number of restrictions and standards. 10Additionally, the Biometric Information Privacy Act (BIPA) provides people and entities the ability to pursue a private action in order to recover damages from organizations that collect biometric data in the event that these entities do not comply with the laws and standards of the BIPA. Entities are compelled to comply with the patchwork of laws that is supplied by the states since there is no overarching federal framework that covers biometric data from the federal government. In spite of this, several states have based their own laws after the Biometric Information Privacy Act (BIPA), which was the first comprehensive state legislation to cover biometric data. Furthermore, at this point in time, the Biometric Information and Privacy Act (BIPA) is the state law that is the most limiting in terms of the collection, use, and storage of biometric data. As a result, on a more practical level, and rather than revising biometric collection rules state by state, some businesses have chosen to comply with BIPA across all jurisdictions where biometric data is collected and utilized. This is because compliance with BIPA may assure compliance across all states (at least for the time being).11

An Unusual Method: - Handling Biometrics as Confidential Information

A number of legal academics have proposed that biometric data be treated in the same manner as intellectual property (IP) by using the legal framework that governs trade secrets. A treatment of this kind might be used to address the collecting of biometric data and to enable private rights of action for damages in addition to or as an alternative to laws enacted at the state and/or federal level. 12The treatment of biometric data within the context of trade secrets has the potential to transform the approach to the processing and storage of biometric data in a number of significant ways, including the following:

  • Access to biometric data may be severely limited, similar to the way that trade secrets are protected. It is possible that this will result in strict controls on who may access the data and when, as well as hefty penalties for accessing or using the data without authorization.
  • In the same way that trade secrets are safeguarded for an infinite period of time, biometric data safeguards would not have a time limit attached to them. This protection may continue to be in effect long after users have stopped utilizing a particular service or platform.13
  • Businesses have the ability to file a lawsuit for damages in the event that their trade secrets are stolen or exposed. A large amount of legal remedy would be available to people in the event that their biometric data were mistreated if the same status were applied to biometric data.
  • Some industry experts have voiced worry that the framework for trade secrets may not be suitable for the protection of biometric data, despite the fact that this unique technique seems to offer a number of benefits.14

Disadvantages of Biometrics Law Enforcement

When it comes to the practical side of things, the responsibilities to limit access to trade secret information are in direct opposition to the requirements that some businesses have to exchange and access biometric data in order to train artificial intelligence models or for other allowed reasons.

Second, since people are the ultimate owners of their biometric data, classifying a person's biometric data as a company's trade secret may expose corporations to the requirements of trade secret legislation without the customary advantages of exclusively holding the underlying intellectual property. 15

This is because individuals are solely responsible for their own biometric data. In the end, our growing relationship with artificial intelligence and data privacy will need us to reconsider the manner in which we legally classify and preserve biometric data. In the race toward the future, it is essential to advocate for and contribute to the formation of legislation that strike a balance between privacy and innovation.

At the same time as we are at the forefront of the next major wave of artificial intelligence innovation, we are also responsible for leading the charge in ensuring that it continues to be fair, egalitarian, and respectful of the people it serves.16

Footnotes

Utkarsh Singh Kachhawaha [Fourth Year BBA LL. B (Hons in IPR), School of Law, UPES Dehradun.]

2. "AI and Privacy: Safeguarding Data in the Age of Artificial Intelligence" https://www.digitalocean.com/resources/article/ai-and-privacy.

3. Vasilchenko A, "AI Biometric Authentication for Enterprise Security" (MobiDev, January 23, 2024) (https://mobidev.biz/blog/ai-biometrics-technology-authentication-verification-security)

4. Alex Vasilchenko, "AI Biometric Authentication for Enterprise Security" (MobiDev, January 23, 2024) (https://mobidev.biz/blog/ai-biometrics-technology-authentication-verification-security).

5. "The Real Risks of Biometric Authentication - Spiceworks" (Spiceworks, July 12, 2023) (https://www.spiceworks.com/it-security/identity-access-management/guest-article/the-real-risks-of-biometric-authentication/).

6. Risks & Benefits of Biometrics in Security

https://www.softwaresecured.com/post/risks-and-benefits-of-biometrics-in-security.

7. Mitek, "What Are Biometrics in the Digital World | Mitek" (November 10, 2022)

https://www.miteksystems.com/blog/advantages-and-disadvantages-of-biometrics.

8. Security Magazine

https://www.securitymagazine.com/articles/98110-biometrics-as-a-foundation-of-zero-trust-how-do-we-get-there.

9.Yasmineteruel,:Enhancing Customer Trust with Biometrics

(Facephi, June 2, 2023) (https://en.facephi.com/blog/enhancing-customer-trust-with-biometrics/).

10. Ethical and Regulatory Considerations in the Collection and Use of Biometric Data (orfonline.org) (https://www.orfonline.org/research/ethical-and-regulatory-considerations-in-the-collection).

11. Biometric Data | Identification for Development

(https://id4d.worldbank.org/guide/biometric-data).

12. The Basics, Usage, and Privacy Concerns of Biometric Data

(Thomson Reuters Legal, July 20, 2022) (https://legal.thomsonreuters.com/en/insights/articles/the-basics-usage-and-privacy-concerns-of-biometric-data).

13. Ali Ismail Awad,: From Classical Methods to Animal Biometrics: A Review on Cattle Identification and Tracking (Computers and Electronics in Agriculture, April 1, 2016)

https://doi.org/10.1016/j.compag.2016.03.014.

14. Biometrics and Privacy - Issues and Challenges - Office of the Victorian Information Commissioner (Office of the Victorian Information Commissioner, October 6, 2022)

https://ovic.vic.gov.au/privacy/resources-for-organisations/biometrics-and-privacy-issues-and-challenges/.

15. Top 8 Advantages and Disadvantages of Biometric

(M2SYS Blog on Biometric Technology, February 14, 2022)

https://www.m2sys.com/blog/guest-blog-posts/top-8-advantages-and-disadvantages-of-biometric/.

16.Advantages and Disadvantages of Biometrics Switches

(Schneider Electric, May 30, 2023)

https://eshop.se.com/in/blog/post/advantages-and-disadvantages-of-biometrics-switches.html.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Utkarsh Singh Kachhawaha
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More