Emerging Biometric Modalities and their Use: Loopholes in the   Terminology of the GDPR and Resulting Privacy Risks

Tamas Bisztray; Nils Gruschka; Thirimachos Bourlai; Lothar Fritsch

arXiv:2211.12899·cs.CR·November 24, 2022

Emerging Biometric Modalities and their Use: Loopholes in the Terminology of the GDPR and Resulting Privacy Risks

Tamas Bisztray, Nils Gruschka, Thirimachos Bourlai, Lothar Fritsch

PDF

TL;DR

This paper highlights privacy risks arising from current GDPR terminology ambiguities that weaken protections for biometric classification, especially for soft traits like emotions, emphasizing the need for impact assessments.

Contribution

It analyzes GDPR language to identify loopholes that reduce protection for biometric classification, proposing a focus on soft traits and privacy risks.

Findings

01

Biometric classification of soft traits faces less GDPR protection.

02

Potential privacy risks for emotion-based biometric applications.

03

Need for data protection impact assessments for such processing.

Abstract

Technological advancements allow biometric applications to be more omnipresent than in any other time before. This paper argues that in the current EU data protection regulation, classification applications using biometric data receive less protection compared to biometric recognition. We analyse preconditions in the regulatory language and explore how this has the potential to be the source of unique privacy risks for processing operations classifying individuals based on soft traits like emotions. This can have high impact on personal freedoms and human rights and therefore, should be subject to data protection impact assessment.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.