Biometric data privacy protections are being built into the policy and technology levels of digital identity systems in several of the most popular articles of the week on Biometric Update, and not a moment too soon. Mastercard and NIST both believe digital wallets storing mDLs could provide a method of gaining the assurance biometrics provides without taking on all the risks associated with legacy architectures, and New Zealand’s orderly digital identity system development is moving on to building its trust framework registry. Meanwhile facial recognition, both live and retrospective, continues to draw scrutiny in the U.S. and UK, and the market for detecting and protecting against deepfakes gets a deep dive.
Top biometrics news of the week
Deepfakes are turning the unending wealth of online facial images and voices into lucrative fraud campaigns, and a market for deepfake detection explored in the latest report and buyer’s guide from Biometric Update and Goode Intelligence. Some 9.9 billion deepfake detection checks will generate nearly $5 billion in revenue by 2027, according to the 2025 Deepfake Detection Market Report & Buyer’s Guide.
The way that information is shared for cashless payments has evolved dramatically from the days of handing out paper cheques with account numbers, full names and signatures to the tap of a payment card or digital device. Mastercard wants to bring the same kind of change to digital identity, through digital wallets and the mDLs to go inside them.
Digital wallets and new credentials like passkeys are added to NIST’s Digital Identity Guidelines in the latest update. Revision 4 of SP 800-63 also addresses enabling alternatives to face biometrics for identity proofing, and the impact of deepfakes on risk management. Anonybit points out in a blog post that the guidelines mention “privacy” 74 times.
New Zealand waited just long enough to alert vendors to start its tender process for a trust framework registry provider to put out the actual Digital Identity Services Trust Framework Rules. The Framework and New Zealand’s new biometric data privacy code combine to establish broad data security and privacy protections for the system. Work towards its launch is accelerating now, and an RFP is expected by the end of the month.
EY is half-way through delivering five solutions under a contract to build the registers and portals for Australia’s AGDIS, which is intended to cut down on sharing of people’s personal data. The contract has already been extended once, and the ACCC is negotiating an additional deal with the company.
The congressional fight over the TSA’s use of facial recognition at America’s airports has divided Republicans, and also drawn in the agency itself, with accusations that it got involved in lobbying. TSA has defended the program’s privacy bona fides and operational importance, but the Traveler Privacy Protection Act is still alive, just stalled at committee.
Live facial recognition remains the most controversial use of biometrics in the market, nearly a decade after London’s Met Police first deployed the technology in Notting Hill for Carnival. The technology and the social context in which it is deployed have changed significantly, writes former UK Biometrics & Surveillance Camera Commissioner Fraser Sampson writes in a column for Biometric Update, but police must show they have evolved too.
Independent testing is part of building accountability, and NIST’s most recent refresh of its FRTE shows the ongoing improvement of face biometrics’ accuracy, and evolution of the market. The agency has put its fingerprint, face and iris biometrics benchmarking programs on hold temporarily for a system upgrade.
Far less controversial though not entirely free from data privacy concerns than airport or public law enforcement applications of biometrics are the ID scan and selfie processes like those DHS S&T is testing with its RIVR. The biometric PAD phase of the challenge series is starting up, and TSA is hoping to help it handle risks around biometric enrollment and verification.
The sensitivity of health data has long posed a hurdle to adoption of digital information sharing, but now the White House is partnering with dozens of health tech companies to build a one-stop national health data platform. Critics allege a potential privacy hazard in the initiative.
Age assurance is the latest major front in online data privacy debate. The EU may impose transparency requirements on online platforms regarding their use of age verification or estimation as part of a CSAM removal law. In the UK, where the OSA is receiving another round of criticism over its impact on privacy, but refreshingly packaged with suggestions for improvement.
Meanwhile, digital systems continue to expand.
The World Bank-backed plan to build up Indonesia’s digital ID for public service delivery includes prequalification for a backup ABIS contract that starts next month. The procurement plan reflects the emphasis put on data protection with a contract for strengthening biometric data centers.
Entrust CEOs, incoming and outgoing, discussed digitizing citizen services with Biometric Update Podcast host Joel R. McConvey in the latest episode. They also discussed how the identity market, lifecycles and credentials are all evolving.
Please tell us if you spot any videos, podcasts or other content that you think we should share with the people in biometrics and the digital identity community through either the comments below or social media.
Article Topics
biometrics | data privacy | digital ID | digital identity | facial recognition | week in review
https://www.biometricupdate.com/202508/biometric-data-privacy-strengthened-by-policy-tech-upgrades