Biometric recognition, or biometrics, is automated recognition of individuals based on biological or behavioural characteristics. Biometric information is personal information and is regulated by the Privacy Act. Biometric information is particularly sensitive and requires careful assessment before use.
The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. Other countries are also considering how best to regulate these technologies and some have enacted specific regulatory frameworks for biometrics.
This paper sets out the position of the Office of the Privacy Commissioner (OPC) on how the Privacy Act regulates biometrics. It is intended to inform decision-making about biometrics by all agencies covered by the Privacy Act, in both the public and private sectors.
OPC believes that the privacy principles and the regulatory tools in the Privacy Act are currently sufficient to regulate the use of biometrics from a privacy perspective. OPC will continue to actively gather information about the use of biometrics in New Zealand, to see whether significant privacy issues or regulatory gaps emerge. OPC may also provide further information about its position on the use of particular biometric technologies, such as facial recognition, or on the use of biometrics in particular contexts, such as law enforcement. This position paper will be reviewed six months after publication, in consultation with key stakeholders, to assess its impact and whether any further steps are required.
Office of the Privacy Commissioner position:
2021-10-07-OPC-position-on-biometrics