Biometrics: Face ID – Data Privacy

Legal Area: Privacy
Industry: Technology

The tech world was recently getting used to the idea of being able to perform transactions from their devices by using only their digital print, when Apple Inc. leaps on to the next generation by introducing face recognition into their star product, the iPhone X.

The technology itself is not ground breaking, since it has been around since the early 2000’s, used without great success in surveillance and even portable computers. But, the applications and implications derived from the Cupertino Company´s proposal are to be considered and seriously valued for possible legal implications.

The main concerns surround the possible privacy breaches from crackers or government agencies, which Apple claims to have foreseen. Regardless the public, especially those who are more meticulous, question the company’s ability to safely store this information.

Ever since Touch Id was released along the iPhone 5s, word from Cupertino has been that no biometrical information was been uploaded or stored in any Apple related server or cloud. The information never leaves your device, and it is stored in a specific processor called a Secure Enclave, in charge of encryption and decryption of mathematical algorithms obtained from your print.

With the development and worldwide launch of Face ID, there are no reasons for us to suspect a different handling on the matter by Apple with this highly sensitive information.  

Cyber-security or Big Data?

Consumers biggest concerns lies upon possible security breaches, scenarios were someone accesses their devices without permission, and steals their private photos, messages or maybe banking information.  Other concerns focus upon the possibility of law enforcement agents forcedly unlocking your device and violate your constitutional privacy rights. In times, paying little to no attention to the invaluable price of the information gathered on a daily basis by their smart phones.

These days, information that can be merchandised or analyzed in some level, could be more valuable than a bank account number. Data Analytics for marketing, espionage or business means is on the rise and highly rewarded; often becoming the main reason for someone to crack your device and steal your information. 

From a legal perspective, biometric data is granted with the highest level of protection, the UE for example states that this information can only be treated under specific circumstances when certain factors collide; or with the famous Informed Consent.

We can only fantasize with the value of information obtained by constant monitoring of your facial expression, changes or even the background were the scan is taken; allowing machine learning to understand and predict your mood swings, fashion preferences, aging, weight or even some sort of illness.

This means that security policies will have to be studied in depth, and consumers must be aware and fully comprehensive of how information is going to be treated, stored or handled by the requesting party.

Off course close monitoring over their activities is advised.

Questions are yet to be answered by companies like Apple that walk over a thin line between customer satisfaction, innovation and Data Privacy scandals.

For now, encryption processors like Secure Enclave have proven to be effective; but it is undeniable that each day cyber criminals get better, and put to the test even the most secure softwares out there.

In the end, it is left up to the user to decide if they want to store and or share their faces, retinas and even digital print information on their smart devices, they must understand and accept the risks and responsibilities attached.

Do you want more information?

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Jaime Schmidt Jaime Schmidt

Attorney and Notary Public, with a Master's Degree on Intellectual Property and Technology Law. 

Costa Rica - Costa Rica

More from Jaime Schmidt

English