- within Real Estate and Construction, Corporate/Commercial Law and Finance and Banking topic(s)
- with readers working within the Law Firm industries
Introduction
Biometrics is an umbrella term for the systematic classification, identification, analysis and description of human physical and behavioral characteristics.1 It is a categorical label for technologies used to distinguish individuals through their unique behavioral and biological markers for security, civil identification and e-governance. With the digital space in a constant flux, the convergence of the previously independent fields of artificial intelligence, intellectual property rights and biometric data, now necessitates a robust examination of the global legal framework governing privacy laws, data protection, and human rights. Biometric data-based innovations are the subject of various intellectual property right tools such as copyright, patents, trade secrets and trademarks. The question as to the ownership and the patentability of biometric information remains an unresolved and dynamic concern in the realm of intellectual property rights. Due to the highly individualized nature of biometric identifiers and data, such information can be leveraged by artificial intelligence tools to construct predictive models for developing a security and identification interface.
A. Who owns biometric information?
The intellectual property rights law governing biometric information revolves around two vital areas: the ownership and protection of biometric data. IP protection of biometric information is essential to incentivize the development and innovation of biometric systems. Regarding the question of ownership of biometric data, the dilemma of who should own the data and what rational should be applied in determining ownership rights continues to guide the lawmakers in formulating law on intellectual property rights and biometrics.
Determining ownership of biometric information requires consideration of overlapping interests and the need to adopt a rights-based approach to prevent the exacerbation of existing inequalities.2 While biometrics are unique to an individual and inherently belong to them, global legal frameworks do not uniformly uphold this proposition.3 Biometric data, while constituting a subset of personal data, is subject to a privileged legal regime governing the use and the application of data. As a result, it cannot be entirely determined or exercised solely according to the discretion of an individual. The increasing use of biometric data for problem-solving coupled with the evolution of the field toward second generation biometrics, has rendered the question of ownership of biometric data more complex – now shaped by the state, individuals, out of state groups and market forces.4
B. Patentability of biometric technologies
Bare perusal of the concept of patentable subject matter reveals that any process or product is patentable if it satisfies the trifecta of an inventive step, non-obviousness and industrial application.5 Inventions in the field of biometrics may not always meet this standard, especially due to the non-obviousness requirement. The beacon that guides legal authorities in evaluating the obviousness of an invention is to assess it from the standpoint of a person who is having ordinary skilled in the art. However, with rapidly advancing technologies and the plethora of information available, this assessment becomes increasingly complex. The nature of the field of biometrics is such that it is almost impossible to ensure that one's own innovation does not overlap with another person's work.
- Hardware vs Software
Hardware and software biometric technologies are both patentable, however; they are subject to different patenting guidelines across various jurisdictions. Hardware patent would grant intellectual property protection of the tangible aspects of biometric technology, such as sensor modules, scanners and detectors. Software patents, on the other hand, provide legal protection for the algorithm and the method used in data processing and analysis, and are typically applied in facial, voice or fingerprint authentication systems.
While hardware biometric technologies are easily patentable if they meet the basic eligibility criteria, the same does not hold true for software patenting. The abstract idea doctrine, a widely recognized principle of patent law, expressly prohibits the grant of patent protection for algorithms, methods, mental processes or any other claim that may be characterized as an 'abstract idea'. This concept of abstract ideas not being patentable is recognized under Section 3(k) of the Indian Patents Act.6, Article 52 of the EPC7, and 35 U.S.C. §101 in the U.S.8
In the case of Universal Secure Registry LLC vs. Apple Inc., Visa Inc., Visa U.S.A. Inc.,9, the plaintiffs alleged that the defendants had infringed its biometric based multi factor authentication system. The court however that the patent of the plaintiff was invalid on the grounds that was based on an abstract idea, lacking an inventive step or any improvement to the underlying technology. The court upheld the view that claim made pertained to the collection and examination of data for verifying user identity, which falls within the scope of an abstract idea. Hence, it does not involve any technological solution to a specific problem. This case is a key precedent as it affirms that abstract, software-based claims are not eligible for patent protection unless they are embedded in hardware or involve a concrete technical improvement.
This principle was reaffirmed in the landmark judgement of Alice Corporation Pty. Ltd. vs. CLS Bank International Et Al10, wherein the Court stated that the test to determine whether a technology is patentable involves first examining whether it is a patent-ineligible concept (such as an abstract idea, mathematical concepts). Once it is established that the subject matter is not inherently patent-ineligible, the claim must be assessed to determine whether it incorporates an inventive step that is significant enough to justify patent protection.
Besides the intellectual property rights framework various other laws and regulations govern the handling of biometric information:
C. Approach of the General Data Protection Regulation on Biometric Information
The European Union has established a comprehensive legal framework governing the security of biometric information through the General Data Protection Regulation (GDPR). The regulation enforces a stringent policy on the rights over and handling of biometric information. The position is as follows –
- Article 9 of the regulations firmly upholds that the use or the processing of biometric information shall be prohibited (subject to certain exceptions). This implies that an individual's biometric information cannot be violated or subject to the intervention or the control of a third party.
- Requirement of data protection impact assessment - In accordance with recital 91, the use of biometric information requires a data protection impact assessment.
- Recital 53 considers biometric data as a fundamental right and imposes an obligation on the states to undertake measures so as to protect such data and prevent the processing.
D. Position under the Indian Law
The position under Indian law regarding the protection of biometric data is quite firm, as it is classified as 'sensitive personal data' according to the Information Technology Rules, 2011. This includes any technology capable of analysing and measuring human body characteristics. Similar principles are enshrined in The Digital Personal Data Protection Act, 2023. The core principles of the act that ensure protection of biometric records of individuals are consent based data handling, enhanced due diligence obligations and purpose limitation and minimisation (This essentially implies that biometric data must be collected and processed strictly for the specific purpose for which it was obtained, retained only for as long as necessary to fulfil that purpose, and subsequently deleted.)
On a bare perusal of the legislations concerning biometric information, there appears to be a consensus on three key perspectives.
First, biometric information, as a facet of an individuals' personal data is generally subject to the ownership and the control of that individual.
Second, such ownership is governed by a privileged and complex legal framework designed to prioritised public interest.
Third, although the biometric information pertains to an individual, the technology used to analyse and process that information may be protected under intellectual property rights, even at times against the individuals themselves.
Conclusion
The interplay between biometric technologies and patent regimes demands careful consideration of a complex legal landscape. The accelerating pace of AI-led innovation has made it increasingly difficult for the legal systems to navigate through the fine line between safeguarding individual privacy and granting intellectual property protection necessary to foster innovation. The prospects of patenting of biometric technologies are increasingly constrained by several hurdles such as the abstract idea exclusion and stringent patent eligibility requirements. Various legal frameworks attempt to correct the regulatory posture on biometrics by reinforcing the concept of sensitivity and imposing enhanced data protection obligations. A harmonised legal approach is essential in guiding the next generation of biometric innovation.
Footnotes
1. https://www.innovatrics.com/glossary/biometric-data/
2. https://wdr2021.worldbank.org/spotlights/who-owns-personal-data/
4. file:///C:/Users/BHAKTI%20SALIAN/Downloads/Kniha_Matejkaakol._BiometricDataandItsSpecificLegalProtection_2020.pdf
5. https://patentpc.com/blog/addressing-patent-challenges-electronics-biometric-identification
6. Section 3(k) Patents Act 1970 "A mathematical or business method or a computer program per se or algorithms are not inventions within the meaning of this Act."
7. Article 52 -Patentable inventions
(2)The following in particular shall not be regarded as inventions within the meaning of paragraph1: schemes, rules and methods for performing mental acts, playing games or doing business, and programs for computers;
8. 35U.S.C.101 Inventions patentable.
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
9. Universal Secure Registry LLC v. Apple Inc., 851 F. App'x 1010 (Fed. Cir. 2021).
10. Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208 (2014).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
