THE RECOGNITION OF THE DECEASED BIOMETRIC DATA UNDER PERSONAL NON-PROPERTY RIGHTS IN TERMS OF THE GENERAL DATA PROTECTION REGULATION

Abstract

The authors of this work claim that the legislation of the European Union does not adequately protect biometric data, due to the actuality that the protection of biometric data after the death of a person is unresolved within the legal field of personal data protection. The General Data Protection Regulation (GDPR) does not apply to deceased individuals, meaning that biometric data that was processed under the GDPR during the individual's lifetime continues to be at risk of re-processing after the individual's death, meaning that businesses can potentially avoid GDPR when the person has died, and decide the fate of the deceased's biometrics at their own discretion.
 Taking into account the above, the authors of the work consider it necessary to orient special legislation to overcome the specified legal gap, and since the regulation on the protection of personal data is vague to solve the problem, the research proposal of the authors consists in the application of legal guarantees not only under the GDPR but also in conformity with civil law. Therefore, the authors aim to initiate provisions for potential legislation, including the consolidation of the processing of biometric data of the deceased as part of a person's last will. The development of legal norms that would protect the biometric data of deceased persons by classifying them as non-property rights is especially recommended for countries with a civil law system.
 The research paper also warns that privileges that belong to the non-property rights of an individual do not, as a rule, automatically pass to heirs. In this regard, in the absence of a person's will to decide the future fate of biometric data that is continuously processed at the time or after death, the authors offer to allow family members and other close persons to exercise the right to the protection of personal data, such as the right to be forgotten, on behalf of the deceased, and to demand the condition of appropriate technical and organizational guarantees in the event of such performance. In this matter, according to the authors, it is expedient to conclude agreements between interested parties and family members to determine the fate of biometric data. However, in order to avoid the realization of the right to the protection of personal data, which the deceased did not have time to realize during his lifetime, and if during the life of the person Article, 9 (2, a) GDPR confirmed as the basis for the permitted biometric data processing because it is subject to the consent of the person, then following the human-centric approach of the European Union, it is proposed to design and indicate in such consent a clause where the individual could specifically determine and decide the fate of the biometric data upon death, for example, to (i) delete, (ii) transfer for the research purposes.
 Consequently, the authors predict the development of legal regulation of biometric data by assigning it to the category of non-property rights. Hence, the adoption of special provisions for the protection of the deceased biometric data and ensuring the realization of the right to personal data protection is expected not only during life but also after death.