DPA required for the processing of biometric data (e.g. finger prints, facial recognition or retina scan technologies, techniques of recognition of vocal emissions etc.) among others:
- The provision to individuals (i.e. the data subject) of a privacy information notice that not only shall list all the information prescribed by Italian law, but shall also inform them on whether there are technologies alternative to the collection of biometric data, shall mention specific instructions regarding the usage of the device held by the user and shall include signs or warnings where such data are collected for instance in case of access to specific areas;
- The prior consent from the individuals;
- The prior notification of the data processing to the DPA, save for some exceptions such as the processing performed by medical practitioners;
- The implementation of stringent security measures in terms, among others, of
- obligations of deletion of raw data collected during the biometric capture,
- usage of encryption technologies for their storage and transfer and
- usage of mobile device auditing technologies;
- The storage of such data for no longer than the term required which varies depending on the type of processed biometric data;
- The notification to the DPA through a dedicated email address of data breaches; and
- The prior approval by the DPA which will prescribe the measures to be implemented in the data processing whose application shall list specific information.
However, with an order just issued by the DPA together with the guidelines listed above, the DPA prescribed that the usage of technologies of recognition of finger prints, of the topography of the palm of the hand and of hand signatures does not require its prior approval when biometric data collected through these technologies are processed for:
- Electronic authentication,
- Access to dangerous areas,
- Circumstances where fingerprints and the topography of the palm of the hand are used to facilitate the usage of some functioning, and
- The execution of electronic documents through the so called advanced electronic signature.