Biometrics Bill

A BILL to provide for proper privacy and security in the storage and gathering of biometric data, ban the use of biometric data for advertising purposes, ban the gathering of biometric data in public spaces without express written or verbal consent, classify neurological data as a type of human tissue, and for connected purposes.
Bill ID LB029
Author(s) The Most Honourable Dame Sir Xanthe Orpheus Florence GCTL DOBC KOBC MR, 1st Marquess of Florence
Amended by N/A
First reading 2021 September 30
Royal assent TBA
Commencement TBA
Affected legislation N/A

Be it enacted by the Queen's most Excellent Majesty, by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in this present Parliament assembled, and by the authority of the same, as follows:—

1 Definitions

biometric data refers to any data gathered by or a computer based on the distinguishing biological characteristics of one or more people, excluding fingerprints and neuro-data.

biometric data source refers to a person from whom biometric data is gathered

neuro-data refers to any data gathered from a person’s brain activity.

2 Biometric Data Licence

  1. Any person or organisation wishing to gather or store biometric data must apply for a Biometric Data Licence (hereafter ‘a BDL’) from the Information Commissioner’s Office (hereafter ‘the ICO’) before they can begin operations.
  2. A BDL expires after 5 years; a holder of a BDL may apply to the ICO to have it renewed.

3 Auditing and revocation of a BDL

  1. The ICO must conduct audits of each BDL holder’s privacy and security standards, with a gap of no more than three years between successive audits of a particular holder.
  2. If the ICO determines that the privacy or security of the holder’s biometric data sources is at risk, it may revoke the holder’s BDL.

4 Egregious violations of biometric privacy

  1. A person or corporation commits an offence if they —
    1. Gather biometric data without a BDL,
    2. Store biometric data on any device other than as a securely encrypted file on the biometric data source’s personal computer without a BDL,
    3. Use biometric data for advertising purposes, or
    4. Gather biometric data in a public space, or private outdoor space to which the public has open access, without express written or verbal consent from the biometric data source.
  2. A person or corporation guilty of committing an offence under this section, on summary conviction—
    1. Is liable to a fine not exceeding the statutory maximum;
    2. Must have their BDL revoked; and
    3. May not apply for another BDL or work for an organisation or person holding a BDL.

5 Neuro-data

Neuro-data is to be treated as human tissue under the terms of the Human Tissue Act 2004.

6 Short title, commencement, and extent

  1. This Act may be cited as the Biometrics Act 2021.
  2. This Act comes into effect on 1 September 2023.
  3. This Act extends to England, Wales, and Northern Ireland.