Banks Will Not Be Able to Force the Use of Biometric Identification (Fingerprint or Face)

Banks Will Not Be Able to Force the Use of Biometric Identification

Biometric identification is something increasingly common to access mobile phones, computers or even applications individually. The face, fingerprint or iris are the most common, and allow us to quickly access a service, or use it as a second verification together with the password. However, using them can also be a danger to privacy if the platform or service does not correctly encrypt the information, and now the banks will not be able to force us to use it.

This has been determined by the Spanish Data Protection Agency (AEPD) , in a report in which it makes it clear that biometric data can only be requested voluntarily , and will not be mandatory in any case at the time of opening an account in the entity.

Biometric data may only be optional

The report was written as a result of a bank proposing that the biometric data of a client be recorded when registering at the office or through an online channel to verify their identity. Furthermore, future verifications could also be carried out in order to prevent money laundering, fraud or even possible links with terrorism.


The AEPD’s response has been very clear: there is no law that specifies cases in which the general interest of collecting biometric data is greater than that of the user’s privacy, nor are the necessary guarantees or safeguards established. Ultimately, it is neither proportional nor necessary.

Other cases where privacy is a priority

What is published in this report is similar to what the Constitutional Court determined on the request of political parties to create ideological profiles of citizens. It is also similar to the case of Mercadona , which conducted a test last year in 40 supermarkets with a network of surveillance cameras with facial recognition to, supposedly, identify registered criminals. Fortunately, the Barcelona Provincial Court determined that the level of intrusion into the lives of users was disproportionate, since to identify a few thieves it was not necessary to save the biometric data of all customers.

Although it is positive that it is not mandatory to use biometric data in banking apps , it is highly recommended to use this verification system together with passwords or PIN , since we have a double verification that guarantees that a person who may know our credentials cannot access our account. And more today, where more and more procedures can be carried out from mobile applications.

The biometric data that is stored does not have direct information about us. For example, in the case of the fingerprint reader, what is generated is an encryption key associated with our fingerprint, which is then checked to identify us.