Biometric Data and Consumer Privacy: A Critical Conversation

This year, I have been really excited to be a member of the Forbes Communications Council, an invitation-only community for executives in media, public relations, branding, and advertising. I plan to write about a wide variety of topics for the Council and especially about consumer privacy, which is near and dear to my heart.

Connected cars are changing the driving experience and bringing up many new privacy issues, and one of the newest frontiers is biometric data. My first article for Forbes delves into this important topic. Here’s what I had to say.

Biometric Data: The Most Personalized of Consumer Datasets

Imagine a coffee maker that brews individual coffee cups at a temperature that’s based on the body temperature and blood pressure level of the coffee drinker. Or a fitness service that recommends workouts based on the consumer’s blood sugar over the last 24 hours. Or a car that performs a breathalyzer check before starting its engine.

A few years ago, when I was the CMO at Neustar, I started thinking about what the internet of things would mean for marketers and the potential implications of using these new, highly personalized datasets to be more precise in the way we serve our customers. If data is the new oil for marketers, biometric data is the highest-grade substance. It’s a treasure trove of value that brings new insights, but also new meaning to data privacy.

As marketers, can our data privacy practices keep up with the rapidly emerging needs of biometric data? How do we use this data ethically? It’s imperative that we raise our collective consciousness about these critical questions.

When Would You Want To Share Biometric Data?

So, let’s turn the tables a bit. Would you be willing to share biometric data in order to enjoy the perfect cup of coffee every morning? My guess is that some of you would and some would not. Would you be willing to share biometric data in order to make your fitness routine more engaging? Hundreds of thousands of people do that every day through fitness experiences like Peloton or Mirror. Now, how would you feel about your fitness company sharing that data with any of the weight management companies in order to get a special offer? Disclosing your data to a life insurance company in order to secure a favorable premium? Anonymizing that data and using it to target digital advertising for a new plus-size clothing line? Using your real-time workout performance data to call 911 if your heart rate goes too high?

You may answer these questions differently than I would, or you may have mixed feelings about this topic. As marketers, we need to view privacy as a fundamental consumer right. It’s our job to create boundaries on how and when we ask people to share their biometric data and be clear about how we will be using it.

It’s Time To Take A Deeper Look At Privacy Practices

Working with car data as the CMO of Otonomo, I am actively discussing these types of issues today, and our learnings are even more important when it comes to biometric data. Here are some of the fundamental privacy practices that I think must emerge to protect individuals and their data.

Practice No. 1: Engineer for Transparency

Last year, we commissioned a survey of connected car drivers, fielded by Edison Research, to understand consumer attitudes about sharing car data. We found that next to trusting a particular brand, transparency was the critical factor determining whether drivers would be willing to share their data: 64% of respondents said they wanted to be told exactly what data was being collected, how it was being used and by whom. I would expect that biometric data, which is even more personal than car sensor data, would come with similar expectations.

One best practice that’s emerging, thanks to GDPR, is a transparent consent management process. In the automotive industry, some brands have built mobile apps that make it very clear what car data is being shared for what purposes.

To future-proof today’s connected car services, automakers are looking at ways to remind customers of their data sharing settings through their infotainment systems. I could see similar systems working in consumer electronics, travel, healthcare or other industries where consumers interact with the brand via a mobile app or large screen. For example, your Peloton could ask your permission to share biometric data every time that you boot it up and then ask you clearly if you want to opt in for health-related promotions.

Practice No. 2: Raise the Bar for Security

I don’t think it can be said too many times: Security is paramount in this new internet of things world. Unlike a username and password, people can’t change their fingerprints or retinas if they get hacked. I have been encouraged to see new security technologies coming to market and increased budgets for these purposes on the part of the companies that I work with.

Practice No. 3: Be Vigilant Beyond the Usual Confines of Your Industry

Biometric data will blur long-standing lines between industries. While a number of cross-industry regulations such as Illinois’ Biometric Information Act will emerge, your business may also be subject to regulations that normally don’t apply to your industry. For example, is the treadmill that can call 911 a healthcare provider and thus subject to HIPAA? Regulations will be in flux for quite some time, so expect a period when you’ll be continually rethinking how you collect and manage data.

Takeaway: Keep a Constant Eye on the Implications of Biometric Data

Biometric data has put privacy advocates on the edge of their seats for good reason: It’s information that could save lives or ruin them, depending on how it’s managed. Marketers will need to take their existing privacy practices to an entirely new level. They must think beyond regulatory compliance and instead focus on building relationships with consumers based on transparency and trust. One last word of advice: I recommend meeting your chief privacy officer for coffee regularly.

Subscribe to our blog and receive updates of the latest connected car industry news and thought leadership.


Architected for security and privacy by design, Otonomo’s platform complies with even the most stringent data privacy regulations including GDPR and CCPA, ensuring all parties are protected and companies remain compliant across multiple geographies.

Leave A Comment

Your email address will not be published. Required fields are marked *