The use of biometrics has skyrocketed in mainstream usage in recent times noted by Bahaa Abdul Hadi. Every department now uses it from employees log-ins to immigration checks and for healthcare and military purposes. Biometric fusion refers to collection of different types of biometric data such as facial, fingerprint, voice, retina and gait recognition under a single system. The data is stored on a collective database which makes it easier for detection and contextualization across different purposes.

What are the laws surrounding biometric fusion?

Much of the world still lacks clear-cut laws surrounding biometric fusion. For instance, there are no legal frameworks in the U.S. but Illinois has BIPA (Biometric Information Protection Act). According to this, companies are to required to lay down the specifications of biometric data collected and get the consent of users. Violations of it result in penalties ranging from thousands of dollars.

In many countries like India, the law surrounding biometrics is limited to the use of biometric fusion in the law enforcement departments. They specify rules about collecting data from convicts and recognition methods for criminal matters. In 2021, China enacted the Personal Information Protection Law (PIPL) in an attempt to protect citizen rights by combining collection of biometric data with privacy laws.

Evolution of GDPR

In 2018, netizens were debating the intricacies of the General Data Protection Regulation laid down by the European Union in a bid to bring biometric data into the purview of law. Questions were raised about its effectiveness in protecting the rights of the citizens and the extent to which privacy of data is guaranteed.

Since the concept of multibiometrics was in its burgeoning stages, many countries around the world were still trying to grasp the multifaceted nature of biometric fusion technologies. However, GDPR has proven more effective than other rules and regulations around the world as it is the closest thing we have to a formal legislative framework.

Examples of GDPR protecting biometric data

In Sweden, a school was fined for collecting biometric data from students using ambiguous definitions of consent. The face recognition tools used extracted such data without explicit agreement. Many violations caught by the GDPR are cases of parties using the data for reasons other than what’s stated in the law. Similarly, a company in the Netherlands met a penalty for unlawful collection of data from employees.

In this way, different governments are slowly framing more defined laws regarding biometric fusion and the scenario is expected to get better in the next decade. Thank you for your interest in Bahaa Abdul Hussein Blogs. For more information, please visit