/Interview: “Compliance for us is not just about meeting legal requirements; it’s about exceeding them to provide assurance to our users and clients”

Leire Arbona Puértolas, Director of Legal and Compliance, has been honored with the prestigious Women in Biometrics Award by the Security Industry Association (SIA) for 2024.

This award recognizes Leire’s outstanding contributions to the biometrics industry, where her work in merging legal integrity with technological innovation has set new privacy and data protection standards.

Leire is celebrated alongside notable awardees Melissa Conley from TSA, Heather Haller from FBI, and Caitlin Kneapler from DHS, all of whom have significantly enhanced global security. The awards ceremony will take place at the SIA GovSummit on May 21 in Washington, D.C., an event that brings together top government and private sector professionals to discuss critical security issues.

SIA serves as the leading trade association for global security solution providers. With over 1,400 member companies, SIA plays a critical role in promoting industry growth through advocacy, the development of open standards, and hosting high-level conferences such as ISC expos and the Securing New Ground conference.

Below is a short interview with Leire:

1. What inspired you to pursue a career in legal and compliance within the biometric technology field?

   “The thrill of entering a sector where the laws are still being shaped truly drew me in. I was captivated by the challenge and opportunity to innovate in legislation, especially at the intersection of technology and law. In biometric technology, where advancements happen rapidly, regulations are critical to understand and adapt to these technologies. This field requires not just knowing the limits but creatively defining the “how to” and “how not to”—guiding how technologies can be integrated responsibly into our lives while ensuring that tech development and regulation advance hand in hand.”

2. Can you describe the journey to founding the Legal and Compliance department at Veridas?

   “When I joined Veridas in 2017, it was immediately evident that to innovate responsibly with biometric technologies; we required a strong legal framework that was deeply integrated with every facet of our operations. Establishing the Legal and Compliance department became a foundational and unifying step for the company. From the outset, every department at Veridas understood and embraced the importance of embedding compliance, privacy, and legal considerations into the development of our technologies. This collective commitment has been crucial in building trust and ensuring that our products always uphold the highest privacy and security standards.”

3. What challenges have you faced in your role, and how have you overcome them?

   “One of the overarching challenges—and indeed a challenge for any jurist in this field—is mastering the technology we need to regulate. It’s essential to step beyond traditional legal boundaries and deeply understand the technologies at their core. You cannot effectively regulate what you do not fully comprehend. My approach has been continuously learning about our technologies, maintaining proactive relationships with international regulators, and dynamically adapting policies.”

4. How do you ensure Veridas complies with international laws on data protection (GDPR, CCPA AIA,…) and artificial intelligence?

   “Compliance for us is not just about meeting legal requirements; it’s about exceeding them to assure our users and customers. We implement rigorous data protection measures and regularly review our compliance frameworks in light of new legislation. Education and training within our team are also crucial.”

5. As a woman in technology, what has been your experience in this male-dominated industry?

   “It has been both challenging and rewarding. Diversity in tech is crucial for creating balanced and innovative solutions. I focus on mentoring young women in the field, advocating for diversity and inclusion, enriching our industry and promoting better decision-making processes. At Veridas, I feel fortunate; the team of men and women alike have always supported me. This sense of equality within our company has been instrumental in allowing me to contribute my best work and help lead the way forward.”

6. What role do you believe biometric technology will play in the future of identity verification?

   “Biometric technology is not only transforming identity verification by making it more secure and accessible but is also playing a pivotal role in enhancing inclusivity across various sectors. We are already seeing significant impacts where technology ensures that everyone, including those who have traditionally faced marginalization, such as people with disabilities, can assert their identity conveniently and securely. For example, in Mexico, pensioners can now give proof of life from home using voice biometrics. In Spain, residents of the San José Residence in Navarra for people with disabilities experience greater autonomy and comfort by being able to open their own bedroom door using facial biometrics. These examples underline biometrics’ potential to close the disability gap, promising a future where technology empowers all individuals without compromising their privacy.”

7. What does winning the Women in Biometrics Award mean to you and your future goals?

   “Winning this award is an incredible honor that validates our efforts in ethical technology implementation. It reinforces my commitment to continue advocating for responsible biometric solutions that respect user privacy and contribute positively to society. Looking forward, I aim to influence further global standards and legislation around biometrics and digital identity.”

8. How do you balance the need for innovation with the imperative of privacy in the development of new biometric technologies?

   “Innovation and privacy are not adversaries; when approached wisely, they complement and enhance each other. At Veridas, we commit to designing biometric solutions that embed privacy from the start, adhering to the principles of privacy-by-design and privacy-by-default. This approach means integrating strong data protection features from the product’s initial design phase and throughout its lifecycle. Moreover, understanding the technology thoroughly dispels misconceptions and enables us to leverage its benefits effectively. I believe it is our duty as leaders in the industry to demystify how biometric technologies work, ensuring that both the public and regulators can make informed decisions about their use.”

9. What key trends do you anticipate in biometric technology regulations over the next few years?

   “As biometric technologies continue integrating into our daily lives, I foresee a significant shift towards more comprehensive and ethically-focused regulations. We are moving beyond basic data protection to address how these technologies can be used responsibly. The future of biometric regulation will likely include stricter enforcement on ethical practices, ensuring technologies are secure, private, inclusively designed, and environmentally responsible. This shift is about embracing a holistic view of what it means to use technology ethically, considering the wider impacts on society.”

10. Can you share an example of a project at Veridas that you found particularly challenging or rewarding?

    “One of the most rewarding projects has been aligning our practices with the Artificial Intelligence Act (AIA). This regulatory framework is crafted at a pivotal time when we (developers, regulators, and citizens) have a robust understanding of biometric technologies, which allows us to discuss risks and applications from a well-informed and ethical standpoint. The AIA explicitly recognizes our right to use biometrics voluntarily for identity verification while setting clear boundaries against its use for indiscriminate surveillance. Working on this has reflected our commitment to ethical practices and positioned Veridas at the forefront of compliance and innovation in biometric technologies.”

11. How do you foster a culture of compliance and ethical practice within Veridas?

    “At Veridas, fostering a culture of compliance isn’t just a policy; it’s a core part of our identity that permeates every level of the organization, from the newest developer to the CEO. We approach compliance as an integral aspect of our product design and business model. We don’t just sell technology; we sell technology crafted from the deepest commitment to compliance. This means starting from ‘how yes’—always looking for ways to enable and empower through our solutions while adhering to ethical and compliance standards.”

12. Looking ahead, how do you plan to influence the broader conversation about biometrics and privacy?

    “I plan to continue engaging in dialogue at international forums and with regulatory bodies to advocate for fair and responsible biometric practices. Sharing our experiences and challenges at Veridas helps shape a more informed discussion about the future of biometrics. Additionally, contributing to industry publications and participating in standard-setting organizations will influence how biometric technologies are perceived and regulated globally.”

13. How do the GDPR and the AIA work together to enhance European privacy and identity protection?

    “The GDPR and the AIA form a formidable partnership in establishing benchmarks for privacy and responsible technology use across Europe. The GDPR serves as the foundation for data protection, mandating transparency, consent, and the protection of individual rights. Meanwhile, the AIA extends beyond mere ethical considerations to provide a comprehensive framework that evaluates the risks associated with implementing various types of artificial intelligence, including biometric systems. This approach ensures holistic protection of fundamental rights and ethics in the digital age. Together, they ensure AI-driven technologies respect privacy and foster trust, vital for maintaining user confidence. This regulatory synergy is crucial for the sustainable growth of European tech and serves as a model that could influence similar frameworks internationally. As we’ve seen with GDPR’s impact on privacy laws in Latin America, the principles set by the GDPR and AIA could inspire analogous regulatory developments in the U.S., guiding the ethical implementation of AI across diverse legal landscapes.”

14. How do you see the GDPR and AIA collaboration influencing Veridas’s strategy and product development?

    “At Veridas, we’re not just complying with regulations; we’re utilizing them to define clear boundaries—’ this yes and this no’—which help us create trusted solutions that enable individuals to prove who they are simply by being who they are. Our adherence to these strict standards of compliance under both GDPR and the newly integrated AIA provides us with a distinct competitive edge, as it assures our clients of our commitment to responsible and innovative technology. This dual compliance is more than a legal requirement; it’s a cornerstone of our value proposition in the European and global markets.”