The General Personal Data Protection Law - LGPD has been in force since 2020, but many companies that collect, store, treat and share personal data have not yet complied with the Law. At
compliance with GDPR, it is necessary to understand several concepts and one of them is related to sensitive data, one of them identified by facial biometrics.
The use of facial biometrics for identity validation and user authentication is already part of the routine of many companies, especially those that use anti-fraud platforms. This tool raises the level of shielding against identity fraud and is therefore being increasingly adopted in various business lines. However, its use should be cautious in compliance with GDPR, as it must comply with the rules required by law.
Facial biometrics in compliance with GDPR is classified as sensitive data, as mentioned in article 5, II of the LGPD. According to the LGPD, sensitive personal data is about racial or ethnic origin, religious conviction, political opinion, affiliation to a union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data. , when linked to a natural person. So, in the context of LGPD, when using facial recognition technology, careful analysis is needed to justify the treatment of this data.
The use of facial biometrics is becoming increasingly recurrent, as it brings advantages such as agility, cost reduction and greater security. However, it is still surrounded by doubts related to privacy and misuse of the collected data, and for this reason, it is still expected, in the compliance with GDPR, an additional guidance from the ANPD on the subject, since there are no additional obligations that apply to the processing of sensitive data, nor a federal law that regulates its use.
The LGPD is already in force and impacting the Brazilian market as a whole. If your company has not yet made the compliance with GDPR eContact TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to consulting on LGPD and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving LGPD, data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the GDPR