O3.24 Make alternative mechanisms besides biometrics available

Principle

O3: Ensure data privacy by design

Risk

Life Cycle Stage

L2: Strategy & Design

Practices

Biometric authentication shall not be a precondition for using DPI.

Setting up the system and onboarding users has to happen in a proportionate and efficient manner that takes into account the existance of civil registries.

Storage of biometrical information on a central server requires prior explicit consent from the user.

Biometrical information has to be specially protected.

Resources

References