How to use biometric authentication in compliance with data protection?
1. Access to the e-Connect application through the employment of biometric data
For over five years, EL.MO. Spa has offered, among its many services, the cloud technology named e-Connect, an infrastructure for centralizing and supervising EL.MO. intrusion, fire and video surveillance systems from the PREGIO, ETR, VILLEGGIO, HERCOLA, NET and TACÓRA lines of control panels. The technology also allows remote use through the related application installed on the customer’s smartphone, aimed at both the installer and the end user.
As part of the development of this service, which falls within the category of so-called cloud computing, EL.MO. has chosen to further raise the security level of the user accounts connected to the platform and application by introducing the option of accessing them through so-called biometric data.
Operationally the procedure is very simple: on first access, the e-Connect user gives consent to biometric authentication from the settings menu of the smartphone. Having selected the type of data to be used for this purpose (fingerprint, facial recognition and the like, depending on the device), and provided that this access method is available and active on the mobile device, the user can employ biometric authentication to access and enable the e-Connect application and its functions.
As for account security, the advantage for the user is clear: because access relies on physical and physiological features that identify a person unambiguously (unlike common passwords and alphanumeric codes, which can be forgotten or stolen), this method protects the virtual space from unwanted intrusion more effectively, making it accessible only and exclusively to the owner of the biometric data.
Conversely, the nature of these data, defined as "particular" data (the GDPR’s special categories of personal data) pursuant to art. 9 GDPR, obliges anyone who decides to use such recognition methods to act with caution and take all appropriate precautions regarding their processing.
As explained in detail below, EL.MO. has developed a biometric authentication mechanism that lets users access their e-Connect account with such data while ensuring full confidentiality of the processing, observing the protections established by law and preventing use of the data outside the intended purposes.
2. The privacy-proof solution proposed by EL.MO.
First of all, it is necessary to provide a definition of "biometric data".
The term "biometrics", of Greek derivation, refers to the study of the biophysical characteristics of an individual, which traditionally characterize that individual uniquely: a person can never be confused with another on the basis of their biometric data.
Under current data protection legislation, the European legislator, in art. 4, par. 1, no. 14 of the General Data Protection Regulation (GDPR), has defined biometric data as "personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data".
In other words, data in this particular category can only be collected by means of automated biometric recognition systems, i.e. devices capable of identifying people on the basis of their unique physical characteristics. Such devices consist of:
- a hardware component which, through a reader (video camera, fingerprint reader), acquires the data (for example the mathematical representations of the face and/or the fingerprint);
- a software component which, at a later time and using analysis algorithms, matches the data captured from outside by the hardware against those previously acquired and stored as a reference in the system database, in order to verify that the data belong without doubt to a specific subject, thus identifying the person.
Given the above, and in compliance with the principle of data minimization, under which the Data Controller must process only the data essential to its purposes, EL.MO. has devised a system that does not involve direct use of biometric data.
In fact, the biometric authentication that lets users access their accounts does not in any way allow EL.MO. to directly collect or process the biometric data themselves, which are managed exclusively by the manufacturer of the mobile device and/or its operating system according to their own privacy policies; that party is the only one able to access the biometric data.
EL.MO. uses the biometric data only indirectly, by calling the authentication functions that the user's smartphone operating system makes available when enabled. In this arrangement the recognition mechanism, set up and managed exclusively by the device manufacturer and/or the operating system vendor, sends EL.MO. only a confirmation (in the form of an input) that the biometric data collected at the time of access match the data already stored within the system.
In short, for both the hardware and the software components, EL.MO. relies on the automated biometric recognition system provided by the vendor of the user's smartphone operating system, without ever having control over it or the possibility of interfering with it, and receives only the permission for the requester to access the e-Connect profile of the corresponding user.
Lastly, where the user enables the "Access to the control panel via biometric data" function, EL.MO. has also arranged for the data used to access the control panel (consisting of the user number and related code) to be saved, in encrypted form, only in the data storage of the user's mobile device, and to be used exclusively to access the control panel; they are therefore never stored by EL.MO. on its servers.
In this way, when activating the e-Connect application and accessing the related account, users can authenticate themselves with their biometric data (such as, by way of example, facial images and the related mathematical representations of the face) without EL.MO. ever being able to process such identification data directly.
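The data flow described in this section, modelled as an added Python example (constructed here, not EL.MO. code or a real platform API): the operating system is the only party holding the biometric template and a hardware-backed key; the app holds only the encrypted control panel credentials; the cloud side holds the account record and nothing else. The class and method names (`DeviceOS`, `EConnectApp`, `ElmoCloud`, `biometric_prompt`, `keystore_encrypt`/`keystore_decrypt`) and the HMAC-based toy cipher are assumptions standing in for the OS biometric prompt and key store the text refers to generically; the template and credentials are constructed sample values.

```python
"""
Model of the biometric login flow described above (constructed example, not
EL.MO. code).  Three parties: the phone's OS, which owns the biometric template
and a hardware-backed key; the e-Connect app, which owns only ciphertext; and
the EL.MO. cloud, which stores the account record and nothing else.  What each
party stores is recorded so the minimization property can be checked.
"""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, standing in for the AES-GCM an OS keystore uses.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class DeviceOS:
    """Smartphone OS (hypothetical model): the only party that holds the biometric template."""

    def __init__(self, enrolled_template: bytes):
        self.template = enrolled_template        # stays here; no method ever returns it
        self._key = secrets.token_bytes(32)      # hardware-backed key, usable only after a match
        self._unlocked = False

    def biometric_prompt(self, probe: bytes) -> bool:
        # Real sensors match fuzzily; exact comparison is enough to model the gate.
        self._unlocked = hmac.compare_digest(self.template, probe)
        return self._unlocked                    # the app receives one bit, nothing else

    def keystore_encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(12)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(self._key, nonce, len(plaintext))))
        tag = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def keystore_decrypt(self, blob: bytes) -> bytes:
        if not self._unlocked:
            raise PermissionError("key use requires a fresh successful biometric check")
        self._unlocked = False                   # one decryption per successful prompt
        nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
        expected = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("stored credentials were tampered with")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._key, nonce, len(ct))))


class EConnectApp:
    """The app on the phone (hypothetical model): holds only encrypted panel credentials."""

    def __init__(self, device: DeviceOS, account: str):
        self.device = device
        self.account = account
        self.storage = {}                        # the app's local data store

    def enable_biometric_panel_access(self, user_number: str, code: str) -> None:
        # "Access to the control panel via biometric data": encrypt locally, keep nothing in clear.
        blob = self.device.keystore_encrypt(f"{user_number}:{code}".encode())
        self.storage["panel_credentials"] = blob

    def open_panel(self, probe: bytes):
        if not self.device.biometric_prompt(probe):
            return None                          # no match: no key release, no credentials
        plain = self.device.keystore_decrypt(self.storage["panel_credentials"]).decode()
        user_number, code = plain.split(":", 1)
        return user_number, code


class ElmoCloud:
    """EL.MO. servers (hypothetical model): know the account exists; hold no template, no code."""

    def __init__(self):
        self.storage = {}

    def register(self, account: str) -> None:
        self.storage[account] = {"biometric_login_enabled": True}


def run_flow(probe: bytes) -> dict:
    """Run enrolment plus one login attempt and report what ended up stored where."""
    template = b"constructed-face-template-42"   # constructed stand-in for a real template
    phone = DeviceOS(template)
    app = EConnectApp(phone, "user@example.invalid")
    cloud = ElmoCloud()
    cloud.register(app.account)
    app.enable_biometric_panel_access("01", "1234")   # constructed user number and code
    creds = app.open_panel(probe)
    # Everything persisted outside the OS: app ciphertext plus the cloud account record.
    stored = b"".join(app.storage.values()) + repr(cloud.storage).encode()
    return {
        "panel_credentials": creds,
        "template_stored_outside_os": template in stored,
        "code_stored_in_clear": b"1234" in stored,
    }


if __name__ == "__main__":
    print(run_flow(b"constructed-face-template-42"))   # matching probe: credentials released
    print(run_flow(b"someone-else"))                    # wrong probe: None, nothing leaked
```

The two checks at the end are the point of the model: whatever the login outcome, the template never appears outside the `DeviceOS` object and the panel code never appears in clear in app or cloud storage, which is the minimization property the text describes.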
3. Information obligations
EL.MO.’s choice not to directly collect and process particular data, which are managed exclusively by the manufacturer of the mobile device and/or its operating system according to their privacy policies, derives from an in-depth study of data protection legislation, with a view to maximizing the protection of its users.
It is worth pointing out that biometric data, pursuant to art. 9, par. 1 of the GDPR, fall into the category of particular data and, under that article, the European legislator has prohibited their processing unless the data subject has given explicit consent (where such consent is not prohibited by law), and with the exception of certain special cases.