A multi-layered approach combining secure design, cryptographic protections, sound operational practices and a regulatory framework is required to protect biometric data, and that protection demands particular rigour. As we saw in the first part, this data is based on permanent physical characteristics and cannot be reset if a leak occurs. Securing it therefore requires an approach that combines minimisation of collection, a robust technical architecture, advanced cryptography and rigorous legal governance.
In the second part of this article, we will focus on the best technical, organisational and legal practices for protecting biometric data.
The fundamental principle is that biometric data should only be collected if storage is strictly necessary. Minimising collection remains the best form of protection. If biometrics are not essential, alternative authentication factors such as strong passwords, physical keys and limited-use authentication should be used instead.
Each piece of biometric data collected represents an ongoing responsibility for the organisation collecting it. Limiting the amount collected and stored automatically reduces the risk.
It is important to note that raw biometric data must never be stored. Biometric data must systematically be converted into a template, preferably a cancelable one that can be revoked and reissued if it is compromised.
There are several techniques for protecting templates, including:
Certain cryptographic approaches go further still. Comparisons performed under homomorphic encryption or via secure multiparty computation (MPC) verify identity without ever decrypting the data on the third-party server.
These solutions remain resource-intensive, but they are particularly well suited to sensitive environments (banks, public institutions, defense). Privacy-preserving biometric matching methods are maturing and should be favored for critical applications.
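As an added illustration (not code from the article), the following simulates the MPC-style matching described above: the enrolled template and the probe are split into additive secret shares held by two servers, which compute the Hamming distance using Beaver multiplication triples from a trusted dealer (an assumption of this simulation) and reconstruct only the final distance, so neither server ever holds a template in the clear.

```python
import secrets

P = 2**61 - 1  # prime field for additive secret sharing (choice of this example)

def share(x: int) -> tuple[int, int]:
    # Split x into two shares; each share alone is uniformly random,
    # so a single server learns nothing about x.
    r = secrets.randbelow(P)
    return r, (x - r) % P

def reconstruct(s0: int, s1: int) -> int:
    return (s0 + s1) % P

def share_template(bits: list[int]) -> list[tuple[int, int]]:
    # Bit-by-bit sharing of a binary template (constructed sample inputs below).
    return [share(b) for b in bits]

def dealer_triple() -> tuple:
    # Beaver triple (a, b, c = a*b) produced by a trusted dealer in an offline phase;
    # each server holds one share of a, b and c.
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a), share(b), share(a * b % P)

def mul(x: tuple, y: tuple, triple: tuple) -> tuple[int, int]:
    # Secure multiplication: the servers open only the masked values d = x - a and
    # e = y - b (which reveal nothing about x or y), then compute shares of x*y locally.
    (a0, a1), (b0, b1), (c0, c1) = triple
    d = reconstruct((x[0] - a0) % P, (x[1] - a1) % P)
    e = reconstruct((y[0] - b0) % P, (y[1] - b1) % P)
    z0 = (c0 + d * b0 + e * a0 + d * e) % P  # server 0's share of x*y
    z1 = (c1 + d * b1 + e * a1) % P          # server 1's share of x*y
    return z0, z1

def shared_hamming(enrolled: list[tuple], probe: list[tuple]) -> tuple[int, int]:
    # Hamming distance of two bit vectors is sum(x + y - 2*x*y); additions are local,
    # only the products need a triple.
    acc0 = acc1 = 0
    for x, y in zip(enrolled, probe):
        z0, z1 = mul(x, y, dealer_triple())
        acc0 = (acc0 + x[0] + y[0] - 2 * z0) % P
        acc1 = (acc1 + x[1] + y[1] - 2 * z1) % P
    return acc0, acc1

def verify(enrolled_bits: list[int], probe_bits: list[int], threshold: int) -> bool:
    # Only the final distance is reconstructed (by the party entitled to the verdict).
    dist = reconstruct(*shared_hamming(share_template(enrolled_bits), share_template(probe_bits)))
    return dist <= threshold
```

The simulation assumes semi-honest servers that follow the protocol; a malicious setting needs authenticated shares, which this example does not implement.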
Liveness detection aims to verify that the data comes from a real person who is present at the time of capture.
This barrier remains effective against attacks using artifacts (masks, photographs, recordings).
However, the rise of AI-powered image and sound generators requires increased vigilance: fake streams are becoming increasingly realistic. Systems must therefore combine several indicators (texture analysis, micro-expressions, dynamic interactions) and evolve continuously to counter new falsification techniques.
A privacy by design approach must be integrated from the earliest stages of the project.
Such an approach requires:
Auditability is equally essential: immutable access logs, traceability of processing, and regular checks ensure compliance and facilitate the detection of anomalies.
Biometric data is classified as sensitive by most regulators. In Europe, the General Data Protection Regulation (GDPR) imposes strict conditions on its processing:
Authorities such as the CNIL (French Data Protection Authority) emphasize that consent alone is not sufficient if there is no non-biometric alternative. Data protection impact assessments (DPIAs) are systematically required for facial recognition, secure access, or identity verification systems.
This tightening of regulations reflects a growing awareness that biometrics should not become a tool for surveillance, but rather a mechanism for identification that is proportionate, transparent, and reversible in its effects.
In the United States, Illinois’ Biometric Information Privacy Act (BIPA) imposes written consent requirements and provides for severe civil penalties for non-compliance.
The lawsuits against Facebook and Clearview AI marked a turning point, demonstrating that legal pressure could force digital giants to review their practices for collecting and storing biometric data.
Because a fingerprint cannot be replaced, systems must be designed to be revocable.
The principle is to apply a non-invertible, parameterised transformation to the biometric template: if the stored template is compromised, the transformation parameters are revoked and new ones generated, without changing the underlying biological trait (which would obviously be impossible). This logic of a derived, renewable identifier provides greater resilience should a data leak occur.
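To make the cancelable-template idea from this section and the earlier remark on templates concrete, here is an added example (not code from the article) of a BioHashing-style transform: a per-user revocable token seeds a random projection of the feature vector, only the sign of each projection is kept, and revoking the token yields a template unrelated to the leaked one. The feature vectors are constructed stand-ins for a feature extractor's output, not real biometric data.

```python
import hashlib
import random

N_FEATURES = 64  # length of the feature vector from a (hypothetical) extractor
N_BITS = 64      # length of the stored cancelable template

def constructed_features(seed: int) -> list[float]:
    # Constructed stand-in for a feature extractor's output; not real biometric data.
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N_FEATURES)]

def noisy_capture(features: list[float], seed: int, sigma: float = 0.1) -> list[float]:
    # A fresh capture of the same person: the same features plus sensor noise (constructed).
    rng = random.Random(seed)
    return [f + rng.gauss(0.0, sigma) for f in features]

def _projection(token: bytes) -> list[list[float]]:
    # Derive a pseudo-random projection from the user's revocable token.
    # Same token -> same projection; a newly issued token -> an independent one.
    seed = int.from_bytes(hashlib.sha256(token).digest()[:8], "big")
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(N_FEATURES)] for _ in range(N_BITS)]

def cancelable_template(features: list[float], token: bytes) -> list[int]:
    # Project the features onto N_BITS random directions and keep only the sign.
    # Sign quantisation is many-to-one, so the bits do not give back the features,
    # and without the token the projection itself is unknown.
    return [int(sum(w * f for w, f in zip(row, features)) > 0.0)
            for row in _projection(token)]

def hamming_distance(t1: list[int], t2: list[int]) -> int:
    return sum(a != b for a, b in zip(t1, t2))

def matches(t1: list[int], t2: list[int], threshold: int = 12) -> bool:
    # Genuine captures flip only a few bits; unrelated templates differ in about half.
    return hamming_distance(t1, t2) <= threshold

if __name__ == "__main__":
    alice = constructed_features(1)
    old = cancelable_template(alice, b"alice-token-v1")
    new = cancelable_template(alice, b"alice-token-v2")  # reissued after a leak
    fresh = cancelable_template(noisy_capture(alice, 2), b"alice-token-v1")
    print("fresh capture vs stored:", matches(old, fresh))
    print("leaked template vs reissued:", matches(old, new))
```

Matching is done in the transformed domain, so the original features never need to be stored; the token must be kept separately from the template (for example on the user's device or in a distinct key store).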
Any organization that processes biometric data must have a specific incident response plan.
This plan must describe:
Public communication must be prompt, transparent, but also limited to what is necessary: disclosing too much technical information could facilitate further attacks.
Biometric data offers undeniable advantages in terms of authentication and user experience.
But its permanent nature imposes very strict security requirements. One simple rule applies: never rely exclusively on biometrics. Organizations must also remember one essential principle: design systems as if they could be compromised, and build in the necessary mitigation and remediation mechanisms from the outset.
Join us in December for our new topic. In the meantime, if you have a movie, TV series, software, or e-book to protect, don’t hesitate to call on our services by contacting one of our account managers. PDN has been a pioneer in cybersecurity and anti-piracy for over ten years, and we are sure to have a solution to help you. Happy reading, and see you soon!