The debate surrounding the proposed biometric data law continues to center on how fingerprints and other personal identifiers should be handled within a unified system. Since the new framework would not rely on a single biometric platform, some observers argue that insisting on compulsory fingerprint submissions could be unnecessary and potentially intrusive. This point was shared with socialbites.ca by Alexander Khinshtein, who serves as the chairman of the State Duma Information Policy Committee. The fundamentals of how personal data would be processed and the core principles of a unified biometric system are slated to be the focus of the bill’s second reading, currently scheduled for 20 December.
A key proposal put forward by the committee envisions narrowing the biometric categories to two primary types: a voice sample and an image of a person’s face. This limited scope would simplify the data landscape and help ensure that the system remains focused on essential verification needs rather than collecting a broad array of biometric traits. However, the lawmakers emphasize that the law would not extend to technologies that operate independently of state information infrastructure, such as consumer devices that use biometric authentication for personal use.
In remarks addressing concerns, Khinshtein noted that the legislation is designed to regulate activities within state information systems and to define what information is required for their operation. He underscored that user consent remains a central feature of any biometric solution that operates on consumer devices. For example, facial recognition features on smartphones, including Face ID, are controlled by the user and can be disabled at any time. These features, when they rely on foreign platforms or external services, are not automatically absorbed into the state information system nor are they governed by the same regulatory framework as those that operate strictly within domestic infrastructure. Therefore, Face ID and similar technologies that run on platforms or services outside the country are not considered part of the central biometric system envisioned by the bill. According to the committee chair, anything already deployed within the borders of the Russian Federation is incorporated into the broader information system that the legislation aims to regulate, while external elements remain outside this specific regulatory scope.
There has also been public discussion on the potential risks associated with biometric data handling. Members of the Human Rights Council, communicated through the Telegram channel, have stressed that the leakage of sensitive biometric personal data, such as fingerprints or voice samples, could have serious consequences for individuals. These concerns underscore the need for robust safeguards, strict access controls, and strong accountability mechanisms to deter misuse and to ensure transparency in how data is collected, stored, and utilized. The committee and lawmakers appear intent on addressing these risks by clarifying the responsibilities of state agencies, outlining clear data protection standards, and establishing procedures for auditing and incident response. The aim is to balance the benefits of biometric verification with strong protective measures that preserve civil liberties and trust in government information systems. As the second reading approaches, stakeholders throughout the government and privacy advocate communities will be watching closely to evaluate how the proposed rules translate into practical protections and feasible implementation steps. The dialogue continues as policymakers weigh technical feasibility, international cooperation considerations, and the evolving landscape of biometric technologies that are used in everyday life. In summary, the ongoing discussion focuses on limiting the biometric scope to essential categories, ensuring user autonomy in consent-based scenarios, and maintaining strict boundaries between state-controlled systems and consumer devices that rely on external platforms. The outcome will shape how personal data is treated in official procedures and what powers and responsibilities accompany the use of biometric identifiers in the public sector.