The past few years saw the world's increased interest in biometric identification of Internet users. Biometric data differ from other identifiers: they are immutable and inalienable from their carriers, so any theft (including as a result of leakage) can lead to irreparable consequences. The aim of the article is to study the legal regulation of online biometric identification and processing of biometric data in the United States of America, China, and the European Union, as well as to assess the Russian legal regulation of this area in the light of world experience. For this, the authors use a comparative legal methodology. Each of the cases selected as research material illustrates one of the three regulatory models the authors identified. Each of the models is based on a certain constitutional concept of establishing a balance between users' private interests, on the one hand, and public interests, on the other. The US regulatory model is based on the establishment of minimum government guarantees of human rights observance in the processing of biometric data, while operators of Internet platforms remain with wide discretion in determining the procedure for processing biometric information. The Asian model, implemented, in particular, in China, proceeds from the priority of public interests over the privacy interests of individuals. States that implement such a model in their national legislation form centralized databases of subjects' biometric data, actively involving private Internet service providers in this process. The European model, which is based on the General Data Protection Regulation adopted in the European Union, on the contrary, proceeds from the recognition of the priority of the interests of the individual over public interests, establishing for this purpose strict rules regarding the processing of biometric data by Internet service providers and making it almost impossible to create centralized databases for accumulation of such information. Analyzing the trends in Russian legislation, the authors come to the conclusion that legal regulation in Russia tends to the Asian model and note that its implementation is associated with significant risks to human rights and freedoms, including in connection with data leaks from biometric databases. The emphasis is made on the fact that Russia, unlike Asian countries, is a member of the Council of Europe and is bound by the human rights standards laid down in its international documents. These standards should be taken into account when legislating in this area.
Read full abstract