Legal Nature of Biometric Data: From ‘Generic’ Personal Data to Sensitive Data

Abstract

For many years, the status of biometric data from a European data protection perspective generated a lot of discussions among European bodies and legal experts. Finally, after four years of lengthy negotiations, the European institutions have adopted a new data protection framework. For the first time, the concept of biometric data is introduced in a European legislative text. Beyond being defined, biometric data are also treated as sensitive data. The changes introduced by the new data protection framework and the issues they raise will be assessed in this article. In a first section, the article will introduce the topic and clarify some terminological aspects. In a second section, it will summarise the slow introduction of the notion of ‘biometric data’ into the European data protection landscape before the adoption of the Data Protection Reform Package. The next section will deconstruct the concept of biometric data with the help of the definition of personal data. It will then argue that the threshold of identification required for biometric data is higher than the one required for ‘generic’ personal data. In a fourth section, the article will assess the ‘sensitive data’ regime that is applicable to biometric data. It will also question the element of the context of the processing, that has been added as the condition that triggers the extra protection granted to sensitive data. The last section will conclude on the changes introduced by the new provisions.