Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsThe Dangers of Biometric Information, Part 2
We’ve previously written about the dangers of biometric personal information from the data subject’s perspective. We addressed the dangers of businesses knowing too much about us either through our physiological information or our behavioral information.
This article is a case of behavioral biometric information being dangerous for the business that collected it.
A bank was acting as a data controller and used artificial intelligence to analyze the audio recorded during customer service calls. The calls were analyzed to determine the emotional state of the data subject on the other end of the line. The artificial intelligence was used to rank which data subjects to prioritize for callbacks.
This allowed the bank to prevent complaints and avoid losing customers.
What the bank did wrong was not properly notifying customers about the processing that was going on. Reading the privacy notice, a customer wouldn’t know that their voice was analyzed for purposes of detecting their emotional state.
The data protection authority noted that the only lawful legal basis for processing emotions-based voice analysis can be (properly) informed consent from the data subject.
The bank had gone through the motions of completing a data protection impact assessment, but after identifying that the voice/emotions analysis was of high risk to the data subjects, they did not come up with solutions to address the high level of risk.
The data protection authority pointed out that the legitimate interest legal basis isn’t a catch-all for processing activities that would otherwise be illegal. Legitimate interests as a justification need to take into account both the controller’s interest and the data subject’s interest.
These several failures by the bank led to it receiving a hefty fine of 670,000 Euros.
When complying with data privacy regulations, it’s important to not do the “bare minimum,” which often ends up in fact not being the bare minimum, but instead insufficient. To avoid the same fate as the bank, when it comes to data protection impact assessments, do them right, with Clarip’s help. Clarip can also help controllers with automated data subject request fulfillment, automated data mapping, consent management, vendor management, data risk intelligence scans, and much, much more. To learn more, visit us at www.clarip.com or call us at 1-888-252-5653.
Email Now:
Mike Mango, VP of Sales
mmango@clarip.com
Other Articles on this Topic:
The Dangers of Biometric Information
Consumers Prefer Biometric Authentication
What Your Company Needs to Know About Regulation of Biometric Data
Roadmap to Biometric Governance Readiness
Regulation of Biometric Data under the General Data Protection Regulation
