Blockchain and Biometrics: Survey, GDPR Analysis, and Future Directions
Mahdi Ghafourian, Bilgesu Sumer, Ruben Vera-Rodriguez, Julian Fierrez, Ruben Tolosana, Aythami Morales, Els Kindt
TL;DR
This paper surveys the intersection of blockchain and biometrics, foregrounding both technical potential and GDPR-related risks. It analyzes scalability, smart contracts, consensus, security, and privacy, and provides a GDPR-centric evaluation of biometric data storage, accountability, immutability, and data protection by design. The authors categorize existing literature, highlight practical use cases such as SSI, DIDs, and biometric-based PKI, and propose GDPR-compliant on-chain/off-chain designs along with mitigation strategies. The work emphasizes that while blockchain can strengthen integrity and transparency in biometrics, real-time performance and privacy protections require careful off-chain architectures and high-throughput platforms for practical deployment.
Abstract
Biometric recognition as an efficient and hard-to-forge way of identification and verification has become an indispensable part of the current digital world. The fast evolution of this technology has been a strong incentive for integration into many applications. Meanwhile, blockchain, the decentralized ledger technology, has been widely received by both research and industry in the past few years, and it is being increasingly deployed today in many different applications, such as money transfer, IoT, healthcare, or logistics. Recently, researchers have started to speculate on the pros and cons and what the best applications would be when these two technologies cross paths. This paper provides a survey of the research literature on the combination of blockchain and biometrics and includes a first legal analysis of this integration based on GDPR to shed light on challenges and potentials. Although the integration of blockchain technology into the biometric sector is still in its infancy, with a growing body of literature discussing specific applications and advanced technological setups, this paper aims to provide a holistic understanding of blockchain applicability in biometrics. Based on published studies, this article discusses, among others, practical examples combining blockchain and biometrics for novel applications in PKI systems, distributed trusted services, and identity management. Challenges and limitations when combining blockchain and biometrics that motivate future work will also be discussed; e.g., blockchain networks at their current stage may not be efficient or economical for some real-time biometric applications. Finally, we also discuss key legal aspects of the EU General Data Protection Regulation (GDPR) related to this combination of technologies (blockchain and biometrics); for example, accountability, immutability, anonymity, and data protection elements.
