Researchers ranked 96 countries by their collection and use of biometric data.  Biometrics are gathered and stored as part of international travel, banking, law enforcement, healthcare tracking, and general surveillance by governments.

The worst offenders from a privacy perspective were:

  1. China
  2. Costa Rica
  3. Iran
  4. United States, Uganda, United Arab Emirates, Bangladesh, Philippines, and Saudi Arabia (a 6-way tie for 4th place)

The the danger with biometrics is that once any government or entity has them, they might be able to track your activities for the rest of your life. Biometric markers are chosen for accuracy and longevity. There is no reset or reissuance. If a cybercriminal obtains it, they may attempt to impersonate you or validate transactions with your identity! Privacy matters.

Key findings

  • Many countries collect travelers’ biometric data, often through visas or biometric checks at airports
  • The vast majority of countries we studied use biometrics for bank accounts, e.g. fingerprints to access online app data and/or to confirm identities within the banks themselves
  • Despite many countries recognizing biometric data as sensitive, increased biometric use is widely accepted
  • Facial recognition CCTV is being implemented in a large number of countries or at least being tested
  • EU countries scored better overall than non-EU countries due to GDPR regulations protecting the use of biometrics in the workplace (to some extent)
  • Many of the top-scoring countries don’t necessarily receive their high scores for “best practices” but because they are developing nations that haven’t moved toward technology-based solutions in certain areas

Top 5 worst countries for biometric data collection and use

These countries received the lowest scores overall, meaning they are showing a concerning lack of regard for the privacy of people’s biometric data. Through the collection, use, and storage of biometric data, these countries use biometrics to a severe and invasive extent.

1. China = 2/31

China only managed to score two points – one for its lack of a biometric voting system and one for its allowance of passport holders from Singapore, Brunei, and Japan to enter the country visa-free for up to 15 days. Its score for not having a biometric voting system also comes with a little irony as the voting system is very heavily controlled, which perhaps rids the need for biometric voting.

Some key areas for concern in China are:

  • Its extensive nationwide biometric database is being expanded to include DNA.
  • Its widespread and invasive use of facial recognition technology in CCTV cameras. As our previous study, Surveillance States, found, facial recognition cameras are now being used to track and monitor the country’s Muslim minority, Uighurs, among other things.
  • Its lack of safeguards for employees in the workplace. Companies have even been permitted to monitor employees’ brain waves for productivity while they’re at work.
  • Fingerprints of anyone entering China are taken.

Some may have hoped that China’s draft personal information protection law would help improve its biometric use. But genetic and biometric data is excluded from the definitions and from within the law.

2. Costa Rica = 3/31

Costa Rica only receives 3 points as it is only just beginning to implement facial recognition within the country and it allows a small number of countries to enter visa-free.

Particularly concerning is Costa Rica’s two new national biometric databases. One will include every Costa Rican over the age of 12 and the other every foreigner that enters the country. Police also have full access and both will help facilitate the upcoming facial recognition systems.

At present, the data protection law in Costa Rica doesn’t protect biometric use or recognize biometrics as sensitive data.

3. Iran = 5/31

With widespread use of facial recognition, which is also linked to a biometric database and is accessible by the police, Iran’s use of biometrics is extensive and invasive. It also lacks adequate protections for the use of biometrics and the collection of traveler biometrics is on a large-scale, too.

4. USA, Saudi Arabia, United Arab Emirates, Bangladesh, the Philippines and Uganda = 6/31

The biggest shock in the bottom 5 is the United States, which ranks as one of the fourth-worst countries for biometric data collection and use. This year, it remains fourth-worst, despite a further 45 countries being included in the study this time.

Most concerning is its lack of a specific law to protect citizens’ biometrics. While there is a handful of state laws that protect state residents’ biometrics (as can be seen in our state privacy study), this does leave many US citizens’ biometrics exposed as there is no federal law in place. And this is despite the widespread and growing use of facial recognition in public places, biometrics within the workplace, and fingerprints for visas.

It’s a similar picture in all of the other fourth-worst countries, with large biometric databases with police access, inadequate or no legislation to safeguard biometric use, and growing/extensive facial recognition use.

5. Iraq and Malaysia = 7/31

Both of these countries have biometrics within their passports, ID cards, and a large biometric database with police access. Neither have a data protection law that considers the use of biometrics and facial recognition CCTV is also largely implemented in these countries.


Article Source: https://www.comparitech.com/blog/vpn-privacy/biometric-data-study/

E-mail me when people leave their comments –

CISO and Cybersecurity Strategist

You need to be a member of CISO Platform to add comments!

Join CISO Platform

RSAC Meetup Banner

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)