Kristof Van Quathem of Covington & Burling writes:
On July 15, 2021, the Belgian Supervisory Authority (“SA”) released a 40-page draft recommendation on the use of biometric data and launched a public consultation to solicit feedback about it.
Most notably, the SA points out that there is no valid legal basis other than explicit consent (with all the GDPR limitations attached to it) that would enable the processing of biometric data for authentication purposes (e.g., security), because Belgian lawmakers failed to adopt the required national legislation to supplement the GDPR (specifically, to underpin the public interest exception found in Art. 9(2)(g) GDPR for processing sensitive personal data). The SA considers this outcome a departure from the rules that applied prior to the GDPR, and will therefore allow a one-year grace period to give controllers and lawmakers sufficient time to address the issue.
There were several other noteworthy points mentioned in the draft recommendation….
Read more on InsidePrivacy.