article / 22 Nov 2022
Amazon going biometric – pay with the palm of your hand
New technologies based on biometric data makes payments easier and faster. Amazon is one of the actors on the market that has invested in the development of a biometric system enabling in-store purchases by using the hand palm as a means of payment. Although such innovation may make the everyday life more effortless, there are some legal aspects to be considered.
In 2020, Amazon introduced its innovation called Amazon One. The biometric system Amazon One, which has become an alternative to traditional point of sale systems, allows customers to register the palm of their hand, payment card and phone number at the entry of a store, and then pay at the checkout point simply by the customers holding the registered hand palm over a scanning device. Beyond retail stores, Amazon One could also be used in as an example stadiums and office buildings, in order for people to perform more everyday activities effortless. Having tested the technology in Amazon’s own stores in the US, Amazon One has been licensed to different third parties, and in August this year it was announced that the biometric system will now be licensed to an additional 65 Whole Foods stores across California.
There are also other actors that advocate payment by biometric solutions. In May this year, Mastercard launched a pilot project enabling payments in retail stores by facial recognition or fingerprints. The technology has already gone live in retail stores in Brazil and the aim is to roll it out globally this year. Furthermore, the Swedish financial company Rocker launched an innovation this year that represents the first biometric payment card in Sweden. Instead of entering a PIN code, the card enables purchases through fingerprint ID, regardless of the amount of the purchase. The card is certified by Visa and can be used in card terminals worldwide. Worth to mention is that the Swedish company BankID, a company owned by several large Swedish banks and which provides an electronic identification system, soon will launch a biometric system enabling transactions via facial recognition.
Actors on the market consider biometric payment systems to not only bring practical and efficiency benefits, but to also be less risky than traditional systems in terms of integrity. Among other things, it is claimed that the technology increases security and prevents counterfeiting. However, despite the many benefits, biometric payment systems raise a host of privacy law concerns and there are also other legal aspects to be considered.
According to the Data Protection Regulation (“GDPR”), biometric data is considered as personal data of sensitive nature which requires stronger protection than other types of personal data. As an effect thereof, the processing of such data requires, when at all allowed, as a main rule specific and explicit voluntary consent by the person to whom the data belongs.
As a result of a proposed new EU legislation – a regulation on artificial intelligence (“AI”) – additional requirements are in the pipeline and the provisions are planned to be fully applicable in the second half of 2024. Like the GDPR, the proposed AI regulation will apply, not only to actors within the EU, but also to foreign actors that bring and use AI systems in the EU.
Since the suggested rules are intrusive, providers of biometric payment systems should carefully consider them and analyse their solutions against them, to ensure that their services are satisfactory compliant and otherwise, if not, to ensure that necessary adaptions can be made to avoid investing in systems that may be prohibited by the new EU regulation.
In conclusion, new innovations bring new possibilities but the legal landscape sets frames for what may be provided, and since that landscape is under continuous change and development, it is necessary to stay updated.