Belgium: DPA launches public consultation on draft recommendations for processing biometric data
The Belgian Data Protection Authority ('Belgian DPA') launched, on 15 July 2021, a public consultation on its draft recommendations for processing biometric data in line with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Belgian DPA outlined that biometric data, such as digital fingerprints or retina scans, constitute sensitive data and thus processing of the same is forbidden under the GDPR without the use of one of the exceptions provided under Article 9(2) of the GDPR. More specifically, the recommendations aim to guide data controllers and data processors in the correct application and interpretation of the applicable provisions relating to the processing of biometric data. However, the recommendations do not apply to the processing of biometric data by competent authorities for law enforcement or other such processing activities which are not covered in the scope of the GDPR.
Among other things, the recommendations offer guidance and best practices regarding the nature of biometric data, determining the identity of the data controller and processor, applying the data protection principles to processing of personal data, legal bases which can be relied upon and requirements for the use of applicable bases, and the definition of purposes for processing.
In addition, the recommendations offer real-life examples to illuminate the best practices described.
Comments may be submitted via email to [email protected] until 1 September 2021.