On biometrics‐based authentication and identification from a privacy‐protection perspective: Deriving privacy‐enhancing requirements

Biometric techniques, such as fingerprint verification, iris or face recognition, retina analysis and hand‐written signature verification, are increasingly becoming basic elements of authentication and identification systems. However, any human physiological or behavioural traits serving as biometric characteristics are personal data protected by privacy protection legislation. To address related issues, this paper examines these classes of biometrics according to data protection principles, purpose, proportionality and security, provided in international legislation. This analysis leads to the desired properties of biometric systems in the form of functional and non‐functional requirements, in order to support developers minimising the risk of being non‐compliant to privacy protection legislation, and to increase user acceptance.