The Use and Collection of Biometric Data Is Increasingly Prevalent — But How Does It Work?

From Apple's Health to the voice ID services multinational banks like HSBC rely on, there's no shortage of apps and features that collect data about their bodies and health and other pieces of information that can double as unique identifiers. The collection of biometric data is becoming more and more prevalent. So, who can collect biometric data?

Social media giant TikTok updated its privacy and policy section in the summer of 2021 to better reflect the current climate, warning users that it may "may collect biometric identifiers and biometric information" for content moderation, demographic classification, and other purposes.

According to TechCrunch, TikTok published the updated guidelines in June 2021. The sweeping measures garnered a great deal of criticism — though perhaps nowhere near as unsparing as a $92 million lawsuit against the Beijing-based company. At the time of writing, the TikTok Privacy Policy pages contain no mention of the collection and use of biometric data, which suggests that they may have since been updated.

Air Canada recently made headlines by unrolling a service enabling passengers to board flights simply by providing access to their facial biometric data. A touchless, faster, and more streamlined form of traveling, the service garnered considerable popularity following its launch in December 2020.

Meanwhile, firms like Apple or Disney Parks, Experiences, and Products have been using biometric data collection tech for quite some time. Touch ID was unrolled in 2013, the same year Disney introduced its RFID gate system.

Companies that collect biometric data will likely be required to adhere to more stringent legislation over the coming years. In August 2021, the state of New York became the fifth to pass laws directly sanctioning the use and collection of biometric data, following the examples set by California, Washington, Texas, and Illinois. Other U.S. states imposed regulations that indirectly regulate the use of biometric data.

According to Forbes, most companies collecting biometric data have to follow rules regarding its collection, use, and storage. In most cases, they are required to alert customers, employees, and other subjects ahead of the exchange. Businesses are commonly required to disclose that they collect biometric data.

An increasing number of startups are concerned with matters pertaining to cybersecurity. The potential elimination of the increasingly obsolete system whereby users can only access services, online interfaces, and the like by manually entering a password will likely result in a growing interest around questions such as the protection of biometric data.

However, in 2019, the fingerprints of more than 1 million people, as well as facial recognition information, was made publicly available after security company Suprema merged its Biostar 2 platform with AEOS, per The Guardian. It's perhaps not too bold to argue that hacking isn't the only problem consumers and employees will have to take into account before agreeing to provide access to their biometric data.