“This project was carried out as part of the “Carreras con Impacto” program during the 14-week mentorship phase. You can find more information about the program in this entry”.

Background: This project arises from the urgent need to improve the protection of biometric data in Latin America, especially with the growing integration of artificial intelligence (AI) in the region. Unlike the European Union, which has advanced regulatory frameworks such as the Artificial Intelligence Regulation, Latin America still lacks robust regulations and effective technological tools to safeguard this critical data.

The main objective is to compare biometric data protection regulations in Latin America with those of the European Union to identify gaps and areas for improvement, as the current situation in the region reveals a number of vulnerabilities due to the lack of adequate regulations and advanced technologies, which increases the risk of privacy violations.

In addition, it seeks to develop practical recommendations to strengthen biometric data protection in Latin America, adapting European best practices and technologies to local realities and promoting a more secure and effective environment for the handling of these data

With respect to my personal goal, my objective is to increase the possibilities of increasing biometric data protection at the regional level, with a view to avoiding privacy violations, as well as scams, data selling, and other associated risks. 

In addition, I seek to give relevance to this issue in Latin America, as there is a great backlog due to the lack of popular and governmental interest in the protection of these data. 

What did I do?

The study examines biometric data protection in Latin America amid the growing presence of Artificial Intelligence (AI) and compares it to European Union regulations to identify areas in need of improvement. It highlights important regulatory gaps in Latin America, including a lack of specific laws that jeopardize privacy and security. Although some Latin American laws are inspired by European models, advances in biometric technology, such as facial recognition and device unlocking, underscore the urgency for better protection.

The analysis reveals that the adoption of advanced EU practices, such as encryption and multi-factor authentication, could significantly improve protection in Latin America. The study also notes considerable variability in technology adoption and challenges such as uneven technology infrastructure and cultural resistance to new regulations. However, success stories from countries such as Uruguay, Mexico, and Colombia demonstrate that it is possible to overcome these barriers with appropriate strategies, but it highlights some recommendations for improvement at the regional level.

What did I find? 

During the project, significant gaps in biometric data protection between Latin America and the European Union were identified, as many Latin American countries lack specific regulations, putting privacy at risk. Advanced EU practices, such as encryption and multi-factor authentication, could greatly improve protection in Latin America. In addition, there is considerable variability in technology adoption and uneven technology infrastructure in the region, making uniform implementation difficult.

There is an urgent need to develop sound legal frameworks in Latin America and to adapt European best practices to local contexts. In this regard, the EU experience offers valuable lessons, such as broadening the definition of biometric data, establishing strict consent requirements, prohibiting the use of data for profiling without consent, and strengthening data protection authorities. Likewise, promoting the harmonization of national legislation is essential to create a uniform legal framework and facilitate the processing of biometric data by companies in the region.

What process do I follow to issue recommendations to improve biometric data protection in the region?:

• Comparative analysis: The legal and regulatory frameworks for biometric data protection in Latin America were compared with those of the European Union in order to identify similarities, differences, and opportunities for improvement in the Latin American region.
• Risk assessment: The risks associated with the collection and use of biometric data in Latin America, especially in the context of Artificial Intelligence, were analyzed to identify practices that could represent a significant risk to the privacy of individuals.
• Proposed recommendations: Based on the research findings, practical recommendations adapted to the specific realities and needs of Latin America were proposed, taking into account lessons learned from European regulations.

My background in international relations and political studies has helped me to deepen my research on regional legislation on biometric data protection, as it is a topic directly related to security, political processes, and the scope of the state.

Likewise, the regional recommendations are tailored to the diverse politics of each of the countries but focus on possible future cooperation and legal coordination on the subject.

What could be next?

Exploring the adoption of emerging technologies is essential to strengthen the security and privacy of biometric data in Latin America. If these technologies are properly targeted and utilized, they can offer innovative solutions that ensure data integrity and traceability, adding an extra layer of protection against tampering and unauthorized access. However, these actions require financial and human resources that can be difficult to achieve. 

It is equally important to investigate how Artificial Intelligence (AI) impacts biometric identification and authentication processes. While AI promises advances in accuracy and efficiency, it also poses ethical and legal challenges that must be carefully evaluated. It will be crucial to examine how AI systems manage biometric data, ensure that algorithms are fair and transparent, and protect privacy rights. The main challenge will lie in adapting research and access to information with respect to the accelerated pace of development and refinement of these types of technologies.

There are also doubts about the implementation capacity of the different regulations, as they could exceed the capacity of the state apparatus. It should also be considered that the instability and lack of continuity of political projects in the region may constitute a limiting factor for the construction of joint legislation at the regional level. 

This project will be key to designing and implementing new regulations by comparing the legal frameworks of Latin America with those of the European Union, but it is necessary to delve deeper into the specific characteristics of each Latin American country included in the study, as it is only a first glimpse into this broad topic.

References: 

1. European Union (2016) General Data Protection Regulation. Retrieved from: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 
2. Charter of Fundamental Rights of the European Union (2000). Retrieved from: https://www.europarl.europa.eu/charter/pdf/text_es.pdf  
3. Chilean Law 19628 (1999). Retrieved from: https://www.bcn.cl/leychile/navegar?idNorma=141599 
4. Colombian Law 1581 (2012). Retrieved from: https://www.funcionpublica.gov.co/eva/gestornormativo/norma.php?i=49981 
5. Mexican Federal Law on the Protection of Personal Data in Possession of Private Parties (2010). Retrieved from: https://www.diputados.gob.mx/LeyesBiblio/pdf/LFPDPPP.pdf   
6. General Law on the Protection of Personal Data in Brazil (2018). Retrieved from: https://www.jusbrasil.com.br/legislacao/612902269/lei-13709-18 
7. Uruguayan Law No. 18.331 (2008). Retrieved from: https://www.impo.com.uy/bases/leyes/18331-2008 
8. Organic Law on the Protection of Personal Data (Spain) (1999). Retrieved from: https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673     
9. ISO/IEC 24745:2022 - Information security, cybersecurity and privacy protection. Retrieved from: https://www.iso.org/standard/75302.html 
10. ISO/IEC 29134:2023 - Information technology — Security techniques — Guidelines for privacy impact assessment. Retrieved from: https://www.iso.org/standard/86012.html