Boosting Biometric Privacy: Policy and Tech Enhancements

Published Date : 8/9/2025 

Biometric data privacy is being fortified through policy and technological advancements in digital identity systems. From Mastercard's digital wallets to NIST's guidelines, and New Zealand's trust framework, the focus is on ensuring robust data protection. 

Biometric data privacy protections are being built into the policy and technology levels of digital identity systems. Mastercard and NIST both believe digital wallets storing mDLs could provide a method of gaining the assurance biometrics provides without taking on all the risks associated with legacy architectures. New Zealand’s orderly digital identity system development is moving on to building its trust framework registry. Meanwhile, facial recognition, both live and retrospective, continues to draw scrutiny in the U.S. and UK, and the market for detecting and protecting against deepfakes is growing.

Deepfakes are turning the unending wealth of online facial images and voices into lucrative fraud campaigns. A market for deepfake detection explored in the latest report and buyer’s guide from Biometric Update and Goode Intelligence predicts that 9.9 billion deepfake detection checks will generate nearly $5 billion in revenue by 2027.

The way that information is shared for cashless payments has evolved dramatically from the days of handing out paper cheques with account numbers, full names, and signatures to the tap of a payment card or digital device. Mastercard wants to bring the same kind of change to digital identity through digital wallets and the mDLs to go inside them.

Digital wallets and new credentials like passkeys are added to NIST’s Digital Identity Guidelines in the latest update. Revision 4 of SP 800-63 also addresses enabling alternatives to face biometrics for identity proofing and the impact of deepfakes on risk management. Anonybit points out in a blog post that the guidelines mention “privacy” 74 times.

New Zealand waited just long enough to alert vendors to start its tender process for a trust framework registry provider to put out the actual Digital Identity Services Trust Framework Rules. The Framework and New Zealand’s new biometric data privacy code combine to establish broad data security and privacy protections for the system. Work towards its launch is accelerating now, and an RFP is expected by the end of the month.

EY is halfway through delivering five solutions under a contract to build the registers and portals for Australia’s AGDIS, which is intended to cut down on sharing of people’s personal data. The contract has already been extended once, and the ACCC is negotiating an additional deal with the company.

The congressional fight over the TSA’s use of facial recognition at America’s airports has divided Republicans, and also drawn in the agency itself, with accusations that it got involved in lobbying. TSA has defended the program’s privacy bona fides and operational importance, but the Traveler Privacy Protection Act is still alive, just stalled at committee.

Live facial recognition remains the most controversial use of biometrics in the market. Former UK Biometrics & Surveillance Camera Commissioner Fraser Sampson writes in a column for Biometric Update that while the technology and the social context in which it is deployed have changed significantly, police must show they have evolved too.

Independent testing is part of building accountability, and NIST’s most recent refresh of its FRTE shows the ongoing improvement of face biometrics’ accuracy and evolution of the market. The agency has put its fingerprint, face, and iris biometrics benchmarking programs on hold temporarily for a system upgrade.

Far less controversial though not entirely free from data privacy concerns than airport or public law enforcement applications of biometrics are the ID scan and selfie processes like those DHS S&T is testing with its RIVR. The biometric PAD phase of the challenge series is starting up, and TSA is hoping to help it handle risks around biometric enrollment and verification.

The sensitivity of health data has long posed a hurdle to adoption of digital information sharing, but now the White House is partnering with dozens of health tech companies to build a one-stop national health data platform. Critics allege a potential privacy hazard in the initiative.

Age assurance is the latest major front in online data privacy debate. The EU may impose transparency requirements on online platforms regarding their use of age verification or estimation as part of a CSAM removal law. In the UK, the OSA is receiving another round of criticism over its impact on privacy, but refreshingly packaged with suggestions for improvement.

Meanwhile, digital systems continue to expand. The World Bank-backed plan to build up Indonesia’s digital ID for public service delivery includes prequalification for a backup ABIS contract that starts next month. The procurement plan reflects the emphasis put on data protection with a contract for strengthening biometric data centers.

Entrust CEOs, incoming and outgoing, discussed digitizing citizen services with Biometric Update Podcast host Joel R. McConvey in the latest episode. They also discussed how the identity market, lifecycles, and credentials are all evolving. 

Frequently Asked Questions (FAQS): 

Q: What is a digital wallet in the context of biometric data?

A: A digital wallet is a secure electronic device or software application that stores and manages digital credentials, such as mobile driver's licenses (mDLs), to provide a method of gaining the assurance biometrics provides without taking on all the risks associated with legacy architectures.

Q: What is NIST's latest update to its Digital Identity Guidelines?

A: NIST's latest update, Revision 4 of SP 800-63, includes digital wallets and new credentials like passkeys, addresses enabling alternatives to face biometrics for identity proofing, and the impact of deepfakes on risk management.

Q: What is New Zealand's Digital Identity Services Trust Framework?

A: New Zealand's Digital Identity Services Trust Framework is a registry that establishes broad data security and privacy protections for the digital identity system. It is being developed to ensure robust data protection.

Q: What is the controversy surrounding live facial recognition technology?

A: Live facial recognition technology is controversial due to privacy concerns and the potential for misuse. There are ongoing debates and scrutiny in the U.S. and UK regarding its deployment and regulation.

Q: What is the market for deepfake detection, and how is it growing?

A: The market for deepfake detection is growing rapidly. According to a report by Biometric Update and Goode Intelligence, 9.9 billion deepfake detection checks will generate nearly $5 billion in revenue by 2027. 

More Related Topics :