Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications

Paragraph 2.1.2  Biometric data

62. In the context of connected vehicles, biometric data may be used, for among other things, to enable access to a vehicle, to authenticate the driver/owner, and/or to enable access to a driver’s profile settings and preferences. When considering the use of biometric data, guaranteeing the data subject full control over his or her data involves, on the one hand, providing for the existence of a non-biometric alternative (e.g., using a physical key or a code) without additional constraint (that is, the use of biometrics should not be mandatory), and, on the other hand, storing and comparing the biometric template in encrypted form only on a local basis, with biometric data not being processed by an external reading/comparison terminal.

63. In the case of biometric data, it is important to ensure that the biometric authentication solution is sufficiently reliable, in particular by complying with the following principles:

• − the adjustment of the biometric solution used (e.g., the rate of false positives and false negatives) is adapted to the security level of the required access control;

• − the biometric solution used is based on a sensor that is resistant to attacks (such as the use of a flat-printed print for fingerprint recognition);

• − the number of authentication attempts is limited;

• − the biometric template/model is stored in the vehicle, in an encrypted form using a cryptographic algorithm and key management that comply with the state of the art;

• − the raw data used to make up the biometric template and for user authentication are processed in real time without ever being stored, even locally.