Alessandro Ortalda, Carlotta Rigotti, Andrés Chomczyk Penedo, Paul De Hert (VUB)
This part of the Guidelines was reviewed by Stefano Leucci (EDPS), Ernestina Sacchetto (University of Turin), Catherine Jasserand-Breeman(KU Leuven) and Lydia Belkadi(KU Leuven)
This was finally validated by Prof. Gert Vermeulen, former privacy commissioner at the Belgian Data Protection Authority and a former member of the European Data Protection Board’s BTLE subgroup (Borders, Travel and Law Enforcement)
Research activities may sometimes involve the processing of biometric data, which requires researchers and research institutions acting as data controllers or processors to address data protection requirements. Since biometric data enjoy a special protection regime under the EU regulatory framework, researchers working with biometric data should comply not only with the general data protection requirements and the specific requirements provided in article 89 of the European General Data Protection Regulation (GDPR) related to research activities[1], but they should also implement additional safeguards tailored to the specificities of biometric data and/or biometric processing.
It is divided in two different chapters. The first (Exposition and Step by Step Guidelines) gives some suggestions on how to comply with data protection regulations, following a step-by-step model. The second (Case study) applies this conceptual framework to a concrete case.
References
[1] ‘Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such’ (2016).