Biometric data is the measurement of living organisms, usually humans, and usually for the purpose of identifying individuals. These biological measurements may be morphological, like DNA, or behavioral, like gait patterns.
Cameras, especially CCTV cameras, record most of this data. Various sensor technologies cover most of the rest. However, anything that can measure biological data may be a source, such as blood or DNA tests, audio recordings, EEG measurements for the brain, and so on.
However, it is not all high-tech: fingerprints pressed onto thick paper with black ink also count.
Most biometric databases are image-based, such as historical mugshot photos or detailed brainwave scans. Further, as mentioned above, the data divides into morphological and behavioral data. Morphological data includes relatively static measures like DNA, face shape, and iris image, as well as more dynamic measures like body temperature or heartbeat. Behavior includes measurements like eye tracking data, typing rhythm, or, gait.
This data is used most by security services. The data is there to ensure that only authorized personnel access sensitive locations or equipment, for example – that national elections remain secure, that housemates don’t log into an individual’s phone, and so on.
The healthcare and fitness fields use the most biometric data, after security systems. Remotely-collected biometric data is used by both general practitioners and specialists to monitor patients or as a supplement to diagnosis. Individuals also make use of data to track their general health and fitness journeys. A runner, for example, would use wearable devices to track their stride, distance run, and fatigue levels in order to improve their running ability.
Essentially biometric data must be fit for the purpose required. For example, heart rate or brainwave data may be necessary for health-related needs. For IT security, however, that information is likely irrelevant.
In both cases, however, the data must accurately measure whatever biological aspect is required of it. Data that is being measured should also be both unique and universal. That is to say, the data must be something that nearly the entire population possesses and it must be specific enough to allow users to distinguish between the individuals being measured.
UIDAI: About Your Aadhaar
Thales Group: Biometrics: definition, trends, use cases, laws and latest news
Countries that have adopted data privacy and biometric laws have specific requirements around the collection of personal information related to children. Due to the nature of the app and its purpose, TikTok also has been scrutinized for compliance with privacy laws affecting minors.