Biometrics — Cross-jurisdictional and societal aspects of biometrics — General guidance

This document gives general guidance for the stages in the life cycle of a system’s biometric and associated elements. This covers the following:
— the capture and design of initial requirements, including legal frameworks;
— development and deployment;
— operations, including enrolment and subsequent usage;
— interrelationships with other systems;
— related data storage and security of data;
— data updates and maintenance;
— training and awareness;
— system evaluation and audit;
— controlled system expiration.
The areas addressed are limited to the design and implementation of biometric technologies with respect to the following:
— legal and societal constraints on the use of biometric data;
— accessibility for the widest population;
— health and safety, addressing the concerns of users regarding direct potential hazards as well as the possibility of the misuse of inferred data from biometric information.
This document is intended for planners, implementers and system operators of biometric applications. Specification and assessment of government policy are not within the scope of this document. However, this document is intended to be beneficial to public authorities when deploying biometric systems.

Biométrie — Aspects transjuridictionnels et sociétaux de la biométrie — Recommandations générales

General Information

Status: Published
Publication Date: 20-Jul-2023
Current Stage: 9092 - International Standard to be revised
Due Date: 20-Jan-2025
Completion Date: 20-Jan-2025

Standard
ISO/IEC 24714:2023 - Biometrics — Cross-jurisdictional and societal aspects of biometrics — General guidance. Released: 21.07.2023
English language
31 pages

Standards Content (Sample)


INTERNATIONAL STANDARD ISO/IEC 24714
First edition
2023-07
Biometrics — Cross-jurisdictional and societal aspects of biometrics — General guidance
Biométrie — Aspects transjuridictionnels et sociétaux de la biométrie
— Partie 1: Recommandations générales
Reference number
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Cross-jurisdictional and societal considerations
5.1 General
5.2 Cross-jurisdictional issues
5.2.1 General
5.2.2 Privacy aspects of biometric applications
5.2.3 Privacy principles for biometric applications
5.2.4 Further legal aspects
5.3 Accessibility
5.3.1 General
5.3.2 Principles for less able subjects
5.4 Health and safety
5.4.1 General
5.4.2 Addressing the health and safety issues
5.4.3 Special cases
5.5 Usability
5.5.1 General
5.5.2 Usability and the context of use
5.6 Societal, cultural and ethical aspects of biometrics
5.6.1 General
5.6.2 Commonalities and diversities
5.6.3 Multinational environments
5.6.4 Anonymity
5.6.5 Clothes, ornaments and traditions
5.6.6 Compulsory participation
5.7 Acceptance
5.7.1 General
5.7.2 Privacy and acceptance
5.7.3 Reliability, performance and acceptance
5.7.4 Recommended actions for acceptance testing
Annex A (informative) Examples for consideration of cross-jurisdictional and societal aspects in biometric applications
Bibliography

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of
any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC
had not received notice of (a) patent(s) which may be required to implement this document. However,
implementers are cautioned that this may not represent the latest information, which may be obtained
from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall
not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
This first edition of ISO/IEC 24714 cancels and replaces ISO/IEC TR 24714-1:2008, which has been
technically revised.
The main changes are as follows:
— addition of privacy by design and privacy by default principles;
— addition of examples.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

Introduction
This document provides support for the further development of ISO/IEC biometric International
Standards in the context of cross-jurisdictional and societal applications of biometrics, including
standardization of both existing and future technologies.
Specifically, this document offers guidance on the design of systems that use biometric technologies to
capture, process and record biometric information:
— with regard to societal norms and legal requirements of jurisdictional domains (within and among
various levels of jurisdictions);
— pertaining to privacy/data protection of an identifiable individual;
— with respect to an individual’s ability to access and use these systems and the information they
contain;
— with regard to health and safety issues pertaining to an individual when systems are utilized to
capture biometric data.
In this document, biometric data are considered to be personally identifiable information (PII).
Examples of the benefits to be gained by following the recommendations and guidelines in this
document are:
— enhanced acceptance of systems using biometrics by subjects;
— improved public perception and understanding of well-designed systems;
— smoother introduction and operation of these systems;
— potential long-term cost reduction (whole life costs);
— increased awareness of the range of accessibility-related issues;
— adoption of commonly approved good privacy practice.
The primary stakeholders are identified as:
— operators – those who use the results of the biometric data;
— developers of technical standards;
— subjects – those who provide a sample of their biometric data;
— writers of system specifications, system architects and IT designers;
— public policy makers.

INTERNATIONAL STANDARD ISO/IEC 24714:2023(E)
Biometrics — Cross-jurisdictional and societal aspects of
biometrics — General guidance
1 Scope
This document gives general guidance for the stages in the life cycle of a system’s biometric and
associated elements. This covers the following:
— the capture and design of initial requirements, including legal frameworks;
— development and deployment;
— operations, including enrolment and subsequent usage;
— interrelationships with other systems;
— related data storage and security of data;
— data updates and maintenance;
— training and awareness;
— system evaluation and audit;
— controlled system expiration.
The areas addressed are limited to the design and implementation of biometric technologies with
respect to the following:
— legal and societal constraints on the use of biometric data;
— accessibility for the widest population;
— health and safety, addressing the concerns of users regarding direct potential hazards as well as the
possibility of the misuse of inferred data from biometric information.
This document is intended for planners, implementers and system operators of biometric applications.
Specification and assessment of government policy are not within the scope of this document. However,
this document is intended to be beneficial to public authorities when deploying biometric systems.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382-37, Information technology — Vocabulary — Part 37: Biometrics
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IS
...
