Biometrics: innovation and regulation
The European AI regulation and the new requirements of the Spanish Data Protection Agency open up a scenario of uncertainty for companies in a sector in turmoil
Image: Alejandro Negro Sala, partner at Cuatrecasas and Assumpta Zorraquino Rico, responsible partner for Digital Regulation in the NewLaw department of PwC Tax & Legal.
by mercedes galán
Biometric techniques, which identify individuals through intrinsic physical traits such as fingerprints, face, or voice, have been widely used across various sectors to enhance security and user experience. However, they face new challenges as their use is scrutinised to prevent potential unintended consequences.
In Europe, the recent AI regulation categorizes these systems based on risk and establishes associated restrictions, making Europe the first region with such comprehensive regulation on these solutions. This agreement will mark a milestone in the biometrics business. Additionally, in Spain, the Spanish Data Protection Agency (AEPD) published a guide last November 2023 that toughens criteria for the use of biometrics in access control, considering this treatment as high risk.
TECHNOLOGY VS REGULATION
Regarding whether technology outpaces regulation, experts are clear. “It has always been so. The evolution of any technology is much faster and dynamic than regulation, which requires a process of proposal drafting, discussion, consensus, and approval, but its vocation, in the case of the AI Regulation, is to promote innovation while preventing misuse,” declares Assumpta Zorraquino Rico, responsible partner for Digital Regulation in the NewLaw department of PwC Tax & Legal.
Alejandro Negro Sala, partner at Cuatrecasas, shares the same opinion: “Technology is a dynamic and changing phenomenon that poses constant opportunities for society and challenges for regulators. Therefore, in the field of technology and its advancements, regulatory developments tend to be reactive processes, making it inevitable that there is a gap between technological development and regulatory response”.
However, the above does not mean that technology lacks legal parameters capable of delineating what can or cannot be done. Asked whether before the approval of the recent AI regulation, AI system developments were unregulated, Alejandro Negro is clear: “Before its approval, AI systems had a fairly solid legal framework to adhere to, for example, the General Data Protection Regulation, labour regulations, those relating to damages caused by defects in these systems, which is now expanded with the approval of the European Regulation”.
CITIZEN SECURITY
…
