A biometric fingerprint system in use in an internally displaced people's camp in North Kivu, Democratic Republic of the Congo
The International Committee of the Red Cross (ICRC) has long been using biometrics to support the implementation of its mandate in limited use cases, for example in respect to forensics and the restoration of family links. As new technology provides new opportunities for the organisation to use biometrics in different contexts, the ICRC has adopted a dedicated Biometrics Policy designed to facilitate their responsible use and address the data protection challenges this poses.
Biometric data is widely recognised as sensitive personal data because once it has been collected, if retained, it creates a permanently identifiable record of an individual. For ICRC beneficiaries this can be problematic because they may not want to be identifiable forever – on the contrary – particularly if there is a risk that data may be leaked or subject to unauthorised access by third parties.
For the ICRC, the protection of personal data whose disclosure could put its beneficiaries at risk, or otherwise be used for purposes other than those for which it was collected, is an integral means of preserving its neutrality, impartiality, and independence, as well as the exclusively humanitarian nature of its work.
The Policy on the Processing of Biometric Data by the ICRC was adopted by the Assembly in August 2019.
• Facilitating innovation, ensuring protection: the ICRC Biometrics Policy
• The ICRC and data protection
• The ICRC Data Protection Office
• Data protection in humanitarian action