O3.13 Ensure that biometric authentication is not mandatory

Practices

  • Implement policies that offer users alternative authentication methods besides biometrics, such as passwords, tokens, or multi-factor authentication, to ensure user choice and privacy.

  • System setup and user onboarding must be proportionate and efficient, taking into account the existence of civil registries.

  • Storing biometric information on a central server requires the user's prior explicit consent. Biometric information must be specially protected.

Resources

Case Study

(Coming soon.)

References
