Biometric data are measurements of living organisms, usually humans, and usually for the purpose of identifying individuals. These biological measurements may be morphological, like DNA, or behavioral, like gait patterns.
Cameras, especially CCTV cameras, record most of this data. Various sensor technologies cover most of the rest. However, other sources include blood or DNA tests, audio recordings, EEG measurements for the brain, and so on—anything that can measure biological data may be a source.
However, it is not all high-tech: fingerprints pressed onto thick paper with black ink also count.
From historical mugshot photos to detailed brainwave scans, most biometric databases are image-based. Further, as mentioned above, the data divides into morphological and behavioral data. Morphological data includes relatively static measures like DNA, face shape, and iris image, as well as more dynamic measures like body temperature or heartbeat. Behavior includes measurements like eye tracking data, typing rhythm, or, as noted above, gait.
Security services use this data most often. The data ensures that only authorized personnel access sensitive locations or equipment, that national elections remain secure, that housemates don’t log into an individual’s phone, and so on.
After security systems, the healthcare and fitness fields use the most biometric data. Both general practitioners and specialists use remotely-collected biometric data to monitor patients or as a supplement to diagnosis. Individuals also use the data to track their general health and fitness journeys. A runner, for example, would use wearable devices to track their stride, distance ran, and fatigue levels in order to improve in their sport.
At heart, biometric data must be fit for purpose. For example, heart rate or brainwave data may be necessary for health-related needs. For IT security, however, that information is likely irrelevant.
In both cases, however, the data must accurately measure whatever biological aspect required of it. It must also, at the same time, measure data that is both unique and universal. That is to say, the data must be something that nearly the entire population possesses and it must be specific enough to allow users to distinguish between the individuals being measured.
UIDAI: About Your Aadhaar
Thales Group: Biometrics: definition, trends, use cases, laws and latest news
Countries that have adopted data privacy and biometric laws have specific requirements around the collection of personal information related to children. Due to the nature of the app and its purpose, TikTok also has been scrutinized for compliance with privacy laws affecting minors.