From Data Protection to Data Control: How Biometrics Must Evolve to Meet the New Privacy Era

For years, privacy in the digital world was treated as a compliance problem. Organisations focused on collecting consent, writing policies, and securing databases. That approach made sense in an era when digital identity was peripheral, and fraud was limited in scale. But that era is over.

Today, privacy has become a system requirement.

Biometrics now sit at the heart of how people access services, exercise rights, and participate in society. At the same time, the risks have multiplied. Data breaches expose millions of identities at once. Artificial intelligence enables large-scale impersonation. And once compromised, traditional biometric data cannot be changed. In this context, privacy is no longer about how data is stored, but about who controls identity, how it is used, and whether it can be withdrawn.

This shift forces a fundamental question: Are current biometric models compatible with the new expectations of privacy?

Why traditional biometrics struggle in the new privacy landscape

Traditional biometric systems were designed for a different world. Their original purpose was to enable interoperability between authorities, standardise documents, and support border control and law enforcement. To achieve that, they relied on fixed, reusable biometric templates that could be stored, compared, and shared across systems.

In controlled environments, this model worked. In today’s digital, civilian, and user-centric context, its limitations are increasingly evident.

Fixed biometric templates concentrate risk. If compromised, they expose individuals permanently. They can often be reused across contexts, enabling correlation and unintended secondary use. And they place the burden of trust on organisations, rather than empowering individuals to control their own identity.

The problem is not that traditional biometrics are “bad technology.” The problem is that privacy expectations have evolved, and the architecture has not kept pace.

Privacy has changed: from consent to control

Modern privacy frameworks, such as the GDPR, the EU AI Act, and the Charter of Fundamental Rights, reflect a deeper shift. Privacy is no longer understood merely as protection against misuse. It is increasingly framed as agency.

People expect:

  1. Their identity to be used only for a specific purpose.
  2. Their data to be minimised by design.
  3. Their consent to be meaningful and reversible.
  4. Their identity to remain under their control, not locked into permanent records.

In other words, privacy today is about sovereignty. Systems that rely on static, irreversible biometric data struggle to meet these expectations, even when well-intentioned.

A paradigm shift: Renewable Biometric References (RBRs)

This is where a new model of biometrics emerges. Renewable Biometric References (RBRs), as defined in ISO/IEC 24745:2022, represent a structural departure from traditional biometric templates. Rather than storing biometric traits or extractable representations, RBR-based systems generate abstract, irreversible references derived through artificial intelligence.

These references:

  • Do not store faces, voices, or physical traits.
  • Cannot be reverse-engineered to reconstruct the original biometric.
  • Are context-specific and unusable outside their intended purpose.
  • Can be renewed or revoked if compromised.

Instead of treating biometrics as permanent identifiers, RBRs treat them as revocable credentials, aligned with the principles of data minimisation, purpose limitation, and user control.

From protecting data to protecting people

RBR-based biometrics are not designed to accumulate data. They are designed to avoid it. They do not ask who someone is in absolute terms, but whether a person can be verified for a specific interaction, in a specific context, at a specific moment.

This approach dramatically reduces systemic risk. There is no central pool of sensitive biometric traits to leak. There is no universal identifier to correlate across services. And there is no permanent exposure if something goes wrong.

More importantly, it restores dignity to digital identity. People are no longer required to surrender immutable aspects of themselves in exchange for access. Identity becomes functional, contextual, and voluntary.

Privacy by design, not by policy

One of the lessons of the past decade is that privacy cannot be enforced solely through regulation or contracts. If a system is architected to store irreversible biometric data, no policy can fully eliminate the associated risks.

By contrast, RBR-based systems enforce privacy technically. They make misuse structurally impossible. They prevent secondary use by design, and they give users real, operational control.

A human-centred future for biometrics

As digital identity becomes foundational to accessing healthcare, financial services, public benefits, and democratic participation, the stakes are clear. Trust will not be sustained by systems that ask users to choose between security and privacy.

Biometrics must evolve to meet people where they are: demanding security, transparency, and respect for their rights.

Renewable Biometric References offer a credible path forward. They demonstrate that strong identity verification and strong privacy are not opposing goals, but complementary ones when the architecture is right.

Conclusion: privacy is no longer negotiable

The future of biometrics will be judged not only by accuracy or convenience, but by whether it preserves human agency in a digital world. Privacy has changed. It now demands control, reversibility, and dignity. Biometrics must respond accordingly.

The good news is that this evolution is already underway. With models like RBRs, the industry has the tools to build identity systems that are secure, ethical, and worthy of public trust.

I am Edu Gozalo, Digital Identity consultant at Veridas. If you need to talk to our team, book a meeting.
