. .

EAB Lunch Talk: Regulatory Sandbox Report: GDPR and Face Biometric Template Protection Technologies

Date: 2025-10-22 (12:30-13:30) Location: Online

Organizer: European Association for Biometrics

If you experience issues with the registration link, please try to use a different browser (Edge, Chrome).

Attendance is free of charge but registration is required.


Speakers: Petter Taugbøl, Eirik Guldbransen
Registration (ext.)

This talk will present the recently published Sandbox-report from the Norwegian Data Protection Authority (NDPA), which analyse key legal and privacy challenges related to the use of face biometrics template protection technologies to enable re-use of biometric data from National ID documents in online banking applications. The talk will include perspectives from the bank (Sparebank1 Østlandet), the regulator (NDPA) and the technology provider (Mobai).

Sandbox exit report ‘Securing digital identities’: https://www.datatilsynet.no/en/regulations-and-tools/sandbox-for-artificial-intelligence/reports/salt-mobai-et-al.-exit-report-securing-digital-identities/

The Regulatory Sandbox is a valuable method for exploring issues where there are few legal precedents. Participants and the Norwegian Data Protection Authority collaboratively explore issues concerning privacy to help ensure that a new service or product complies with regulations and safeguards individuals' privacy. The conclusions do not constitute binding decisions or pre-approvals. Participants are free to decide whether to follow the advice they receive.

We thank our media partner:

Logo of Biometric Update

Agenda

12:30 Petter Taugbøl

Project background and needs addressed

Mobai
12:35 TBD

The challenge of ID fraud and fraud in online banking.

The bank’s perspective.

Sparebank1 Østlandet
12:50 Petter Taugbøl

Face biometric template protection using homomorphic encryption.

Mobai
13:05 Eirik Guldbransen

Legal assessment of privacy implication of Mobai’s solution

-Central or decentral storage? Is it Possible to Store Biometric Information on a Central Server?

-Are Protected Biometric Templates Personal Data Subject to GDPR?

The Norwegian Data Protection Agency (Datatilsynet)
13:20

Q&A

13:30

End of Lunch Talk