Blogs & Articles
Biometric access: merging innovation, privacy, and ethics
September 04, 2023

In today's increasingly interconnected world, the security of physical spaces is as crucial as that of digital domains. Biometric access control stands at the intersection of these two realms, offering unprecedented accuracy and convenience. Yet, the integration of biometrics into access control systems brings forth an array of ethical and privacy concerns.

As companies spearhead innovations in this area, they also shoulder the responsibility of addressing these challenges with a keen emphasis on user consent, data protection, and ethical use.

We recently spoke to Jeff Nielsen, CTO of Brivo and Seongbin Choi, the Head of Suprema R&D Center, for a deep-dive into this subject, unraveling the intricacies of biometric data storage, its ethical implications, and the role of behavioral biometrics in reshaping access control. In this article, we'll explore the tech advancements and the benchmarks set to ensure that cutting-edge security doesn't compromise individual rights and privacy.


Ensuring compliance worldwide

Given the diverse regulations governing the storage and utilization of biometric data in the US and across the world, Brivo is committed to adhering to the strictest among them. It is paramount that biometric information is accorded the same level of care and sensitivity as other Personally Identifiable Information (PII).

Nielsen pointed out that the ethical use of biometric data includes:


  • Obtaining explicit consent from each individual user to store and use their biometrics in conjunction with access control
  • Allowing the user to revoke that consent at any time with the system purging any stored information
  • Using this biometric data only for its stated purpose in conjunction with access control and not for any adjacent purposes


“Biometric data should also be stored in an encrypted manner and in a manner that cannot be reverse engineered,” Nielsen added. “For example, our facial recognition algorithms encode facial data in a form that cannot be reconstructed into the source photograph.”

Echoing these sentiments, Seongbin Choi, the Head of Suprema R&D Center, emphasized the imperative for providers of biometric access control solutions to secure explicit consent from users when collecting personal data. Additionally, they must fortify this data with advanced encryption techniques. Suprema rigorously adheres to global laws, regulations, and privacy policies in its data collection and usage practices.

“Also, Suprema's access control systems are equipped with advanced security technologies,” Choi added. “Suprema implemented ‘Secure Coding’ for software development to prevent security vulnerabilities effectively. Also, ‘Secure Boot’ ensures a safe system startup by restricting the installation of unauthorized software. Lastly, the adoption of a ‘Secure Element’ chip protects encrypted privacy information by securely storing cryptographic keys in a separate location.”

To ensure the highest standards of data protection, Suprema's software and hardware devices are meticulously designed and developed in compliance with ISO/IEC 27001, ISO/IEC 27701, and GDPR (General Data Protection Regulation). At every stage of product design and development, Suprema strictly adheres to GDPR, the world's most stringent privacy and data protection law. Suprema serves customers in countries with stringent privacy regulations, including the United States, Europe, and Korea.

Also, Suprema’s exclusive authentication method, ‘Face Template on Mobile,’ lets users enroll in an access control system and store their face profile directly on their own mobile devices. This gives the users complete control over their own ID and their privacy. The company does not have to handle users’ biometric data because it is not stored in the company’s database.


Behavioral biometrics in access control

Behavioral biometrics offer insights into what individual doors are opened when and by whom but can also take into consideration the movement/activity of users throughout a space.
“Brivo is investing heavily into pattern recognition that allows for behavioral ‘anomaly detection,’ to address the perennial problem of wanting to surface only those events which are worthy of further investigation, while not overwhelming security administrators with mountains of data that represents routine or normal activities,” Nielsen said. “Brivo’s anomaly detection research focuses on using AI to both analyze and predict ‘normal’ behavior for each location and credential-holder pair.”
This information can be used to flag behavior that falls outside the norm and also to notify when there is an absence of expected activity. This could make access control systems much more powerful in enhancing an organization’s actual security posture.



In today's digital age, combining physical and digital security through biometric access control is akin to merging two worlds with vast potential. As we navigate this space, it's clear that such advancements are not just about technological leaps but also about ethical considerations.
Industry frontrunners like Brivo and Suprema set the tone, embodying the essence of marrying innovation with responsibility. Perspectives from experts like Jeff Nielsen and Seongbin Choi serve as a reminder: as we embrace a biometric future, we must do so with both enthusiasm and caution.
Furthermore, the emerging influence of behavioral biometrics, enriched by the power of AI, heralds an era where security isn't just reactive but also predictive. As we integrate biometrics more deeply into our daily security protocols, the road ahead is complex, requiring a fine balance of technological excellence and respect for individual privacy. The promise is clear: a future where our security mechanisms are not only more potent but also more considerate of the individual at their core.