Facial recognition data to be reclassified as "biometric data": impacts on privacy rules

The European Data Protection Board (EDBP) set up by the General Data Protection Regulation (GDPR) gathers the national Data protection agencies. The EPPB will discuss today new guidelines in order to reclassify facial recognition data as “biometric data”.  Facial recognition data would require explicit consent from the person whose data is being collected, as defined by the GDPR.

Under the GDPR, biometric information is considered as “sensitive data,” meaning that its collection is prohibited unless individuals give explicit consent or the information has been made public.

These guidelines which are still a draft document, would have far-reaching impacts

Regarding security services, more stringent demands for consent could challenge police forces that are turning to facial recognition to keep tabs on crowds.

They are also likely to weigh on tech companies like Facebook whose users have already the possibility to to opt in to using the platform’s facial recognition tool for automatic tagging of their photographs.

It is expected from these guidelines to better define how to get a higher level of consent for facial recognition tools.

The guidelines are expected to go through a public consultation process before being finalised by the EDPB .