Privacy Daily is a service of Warren Communications News.

Biometric Data Systems Should Include Revocability, Software Engineer Says

Biometric systems must be designed in a way that honors the ability to revoke and delete data, especially as biometric authentication spreads into daily life, said Naveen Kumar Reddy Pajjuri, a software engineer focused on privacy-centered system design, in an IAPP piece Wednesday.


"Unlike passwords, biometric identifiers can't simply be reset," though there are many reasons why individuals may want to revoke biometric consent, Pajjuri wrote. "The problem is, most systems aren't designed to handle this. Even when users delete their biometric profile, residual traces often remain -- in logs, backups, analytics pipelines, or machine learning models," and "many systems treat biometric templates as long-lived assets, designed to persist indefinitely for convenience or business efficiency."

Though users can click delete, the data lives on, creating a false sense of security, he wrote. But reconsidering a few assumptions about biometrics could actually enable revocability within biometric systems, Pajjuri suggested.

For one, not all biometric information needs to be stored. "[O]n-device matching or ephemeral processing can provide authentication without central storage," Pajjuri said. If consent is dynamic, not a one-time checkbox, it can be "reevaluated with every data access," he added. "True deletion includes removing data from live systems, backups, caches and downstream processors -- or at the very least, making users aware of where deletion cannot occur," so it must be a thorough process.

"Revocation-friendly design is achievable when certain principles are built into system architecture," he said. "Design biometric templates with revocation in mind: version them, timestamp them, and enable workflows that allow for their secure removal across environments." Organizations can start the process, Pajjuri said, through data mapping and finding out where data lives, and creating a deletion workflow from there.
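An added example, not from the IAPP piece or this newsletter, of the principles in the two paragraphs above: templates carry a version and timestamp, consent is re-evaluated on every match rather than once at enrollment, and revocation purges every registered environment (live store, cache, backup) and reports where deletion could not occur. The class names, store names and template bytes are hypothetical and constructed.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Template:
    user_id: str
    version: int          # bumped on every re-enrollment
    created_at: str       # ISO-8601 UTC timestamp
    data: bytes           # constructed stand-in for a real biometric template

class Store:  # one environment holding copies (live DB, cache, backup ...)
    def __init__(self, name: str, can_delete: bool = True):
        self.name, self.can_delete, self.items = name, can_delete, {}

    def put(self, t: Template) -> None:
        self.items[(t.user_id, t.version)] = t

    def delete_user(self, user_id: str) -> bool:
        """Return False where deletion cannot occur (e.g. an immutable backup)."""
        if not self.can_delete:
            return False
        for key in [k for k in self.items if k[0] == user_id]:
            del self.items[key]
        return True

class Registry:
    def __init__(self, stores: list):
        self.stores, self.consent, self.latest = stores, {}, {}

    def enroll(self, user_id: str, data: bytes) -> Template:
        v = self.latest[user_id].version + 1 if user_id in self.latest else 1
        t = Template(user_id, v, datetime.now(timezone.utc).isoformat(), data)
        for s in self.stores:
            s.put(t)
        self.latest[user_id], self.consent[user_id] = t, True
        return t

    def match(self, user_id: str, probe: bytes) -> bool:
        # Consent is re-checked on every access, not only at enrollment.
        if not self.consent.get(user_id, False):
            raise PermissionError("consent revoked or never given")
        return hmac.compare_digest(self.latest[user_id].data, probe)

    def revoke(self, user_id: str) -> list:
        """Withdraw consent, purge every store, and report where purge failed."""
        self.consent[user_id] = False
        self.latest.pop(user_id, None)
        return [s.name for s in self.stores if not s.delete_user(user_id)]
```

The list returned by `revoke` is what the user should be told about: the environments where deletion could not occur.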

A change in mindset is also key. Looking at biometric data "as something entrusted to the organization by the user -- not owned by the organization ... can lead to more thoughtful, privacy-respecting implementations," he said. These adapt to the user, which "doesn't diminish the value of biometrics," but rather "enhances trust in the systems that use them."

"Revocability isn't just about compliance," Pajjuri said. "It's a measure of respect. And in an era where biometrics are replacing passwords, that respect must be embedded in the system itself."