Biometric Identification and Data Protection
Copyright (c) 2026 Bojtár J. Tamás, Tóth Attila

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
Introduction: In the digital era, one of the greatest challenges faced by the financial sector is implementing customer identification in a manner that is secure and compliant with data protection requirements. Biometric identification – including fingerprints, iris patterns and facial recognition – is becoming increasingly prevalent in banking security. However, the storage and processing of such sensitive personal data pose significant privacy risks, as biometric traits are immutable, and any unauthorized access may result in irreversible harm.
Objectives: This study explores how homomorphic encryption and decentralized data storage can enhance the protection of biometric data and strengthen system security without compromising the efficiency of authentication. The primary objective is to identify the main data protection challenges within banking security practice and to analyse emerging technological trends addressing these risks.
Methodology: The research combines a comprehensive literature review, an analysis of the relevant legislative and standardization framework, and primary data collection. Empirical data were obtained through a questionnaire survey and semi-structured interviews with professionals in banking security, information security and data protection, coupled with a comparative assessment of centralized and decentralized data storage models.
Results: The empirical findings reveal that 62.5% of respondents were familiar with homomorphic encryption, and 96.7% of them regarded it as a viable method for protecting biometric data. Additionally, 79.2% were aware of decentralized storage, with 82.9% recognizing it as a solution that enhances the protection of biometric information.
Conclusion: Expert interviews confirmed that these technologies significantly reduce the risks of data theft and leakage, while supporting the application of the GDPR’s privacy by design principle. The findings validate the risk-reduction effectiveness of the examined technologies and underscore the importance of enforcing privacy by design and fine-tuning regulatory frameworks to facilitate their practical integration.