Regulation is closely monitoring that industries preserve privacy-minding use of biometric technologies. New Zealand’s proposed a code of privacy practice for automated biometrics, which is being introduced in November 2025. The principles have been copied by the Privacy Commissioner of Canada which has also consulted new guidelines for both public and private sectors to protect privacy in biometric initiatives.
Whilst enabling extensive data gathering on individuals’ identities, organisations are also vested in adopting to evolving security risks and protecting their user’s data and loyalty.
A growing number of organisations facing threats are leveraging biometric modalities to verify identity and provide services. Information intimately linked to a person’s physical characteristics and unlikely to change over time such as fingerprints can have repercussions on privacy, despite strengthening verification capabilities.
The regulation supports the intent of biometric technology being collected, used and disclosed for a particular purpose, which should always carefully assess the risks associated.
The guidance clarifies consent requirements for biometric initiatives, how to safeguard data and protect accuracy by testing biometric systems.
Philippe Dufresne, Privacy Commissioner of Canada, said, “organisations need to approach the use of biometric information in a privacy-protective way, building privacy considerations at the beginning of any new program or initiative”.
“Prioritising privacy in this way supports innovation and helps create conditions for a more secure and enriching digital society”.
The OPC held a public consultation underpinning this work and development of the draft code between November 2023 and February 2024.
