In the complex and fragmented spectrum of personal data protection, biometric data represent one of the most challenging issues. On one hand, because, as will be discussed below, they represent data that allow for precise and unique identification of individuals. On the other hand, because they offer vast opportunities in many sectors, including in relation to the recognition of minors (and their protection) for accessing internet services. There is another aspect that raises concerns, namely the use of biometric data for the purpose of citizens’ recognition by public authorities. Dystopian scenarios that link the needs of public security with the legitimate expectations of individuals not to be constantly monitored in their movements in public spaces. This paper aims at investigating the regulations regarding biometrics in the General Data Protection Regulation (EU Regulation No. 2016/679 – GDPR), and then analysing the rules of the AI Act (in the currently available version, the text of which is not yet finalised). These rules have been applied in the compliance activities within the Arcadian project, funded under the Horizon2020 measure of the European Commission: the legal activity carried out has allowed, in particular, to examine the rules on biometrics and personal data applied to the research project pilots and the guidelines provided in this context.
Use of Biometric Data in research activity. The solution adopted by the Arcadian Project
Giovanni Maria Riccio
2024-01-01
Abstract
In the complex and fragmented spectrum of personal data protection, biometric data represent one of the most challenging issues. On one hand, because, as will be discussed below, they represent data that allow for precise and unique identification of individuals. On the other hand, because they offer vast opportunities in many sectors, including in relation to the recognition of minors (and their protection) for accessing internet services. There is another aspect that raises concerns, namely the use of biometric data for the purpose of citizens’ recognition by public authorities. Dystopian scenarios that link the needs of public security with the legitimate expectations of individuals not to be constantly monitored in their movements in public spaces. This paper aims at investigating the regulations regarding biometrics in the General Data Protection Regulation (EU Regulation No. 2016/679 – GDPR), and then analysing the rules of the AI Act (in the currently available version, the text of which is not yet finalised). These rules have been applied in the compliance activities within the Arcadian project, funded under the Horizon2020 measure of the European Commission: the legal activity carried out has allowed, in particular, to examine the rules on biometrics and personal data applied to the research project pilots and the guidelines provided in this context.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.