Editor’s note: The Astana Times continues a section featuring articles by our readers. As a platform that values diverse perspectives and meaningful conversations, we believe that this section provides space for readers to share their thoughts and insights on various topics that matter to them and the AT audience.
Anel Zhuvanizbayeva.
Every time we unlock our phones, enter our office, apartment, or even a government platform with face recognition or other biometric access, we are handing over something important. We are handing over our identity. If a password can be changed, biometric data cannot be replaced. So what do we do?
First, we need to understand that biometric information is very unique compared to other personal data. If someone steals a credit card number with a password, we can easily block or replace it by making a call to the bank. But if our fingerprints or facial scans end up in the “wrong hands,” we cannot re-issue a “new” identity. The consequences of the leak are permanent. Breaches of biometric databases have already occurred in various parts of the world, and millions of people have faced fraud and identity theft.
Second, it is known that in almost all countries worldwide, the law is not keeping pace with technology. In Kazakhstan, the Law on Personal Data and Its Protection outlines a definition of “biometric data” and sets out broad rules to secure personal data. However, the Law does not set specific rules linked to biometrics. The European Union’s General Data Protection Regulation (GDPR) treats biometric data as “sensitive” and requires strict safeguards. As a result, many European companies and organizations introduce internal rules for data protection. But still, the rules do not apply to all cases, and ordinary citizens lack protection rights.
Third, the spread of biometric systems is moving much faster. Airports, banks, and even mobile apps increasingly require fingerprints, face scans, or voice samples in exchange for convenience. Many providers treat biometric data without any ethical or security considerations. However, the consequences can be very serious for an individual.
Technology has clear benefits for our daily lives. It is fast and convenient, and of course, we cannot abandon biometrics. Also, personal data leaks will happen, but we need to understand the consequences and how to protect ourselves. For Kazakhstan, there are two practical steps.
Our legislation should include a separate category for biometric data. In practice, some companies store Kazakh citizens’ personal data on foreign servers, even though this is against the law, and government agencies are not monitoring such violations effectively. The law should introduce stricter standards for the collection, storage, and obtaining of consent. At the same time, sanctions in the Administrative and Criminal Codes should be increased so that breaches carry real consequences.
We need to educate the public. People need to understand their rights and realize that every time they use Face ID or a fingerprint scan, they are trading privacy for efficiency. Citizens should know that handing over biometric identifiers like a face or fingerprint can have serious consequences if misused.
Next time we unlock our phone with Face ID, we should ask ourselves: “Do I want to give away parts of my identity without protection?”. We should also consider implementing stronger rules to keep our data safe.
The author is Anel Zhuvanizhbayeva, a graduate student of the Nazarbayev University Graduate School of Public Policy.
Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the position of The Astana Times.
