iometrics seems to be everywhere today. Not only at the airports, checkout counters, and entertainment venues, but also at the refugee camps in the Middle East, service centers in South Asia, and voting booths throughout Africa. This means that a lot of sensitive data about private individuals, residents of or travelers to a country, is managed by third parties: primarily governments, NGOs, and private companies.
The options to protect biometrics appear to be limited. We can apply increasingly complex and expensive ways to encrypt highly sensitive images and biometric templates, or we can forgo the use of biometrics altogether. Neither option is particularly appealing in the long term, and the data is only as secure as the weakest link. You can change your PIN or your password, but—unfortunately—you cannot change your biometrics if it is ever compromised.
For organizations providing services to most vulnerable populations, biometrics represents both an opportunity to manage limited resources and a liability endangering the “Do No Harm” principle. Individuals without smartphones do not have any options to store passkeys or protect their biometrics today and rarely influence how biometric programs are implemented. Yet, for millions without official ID documents, biometrics is often the only way to establish trust with service providers, including governments.
What if we were able to remove the most sensitive personal data from digital identity ecosystems? What if we could prevent the misuse of biometric data by rogue actors, AI bots, and authoritarian regimes? If we can do this, we can build a world where individuals can safely demonstrate “I exist, I am here, and I am the same person.” Privacy–preserving biometric tokenization can be the answer. Tokenization has already proven to be highly secure and effective in the financial services world. Whether shopping with a credit card, Apple Pay, or auto pay, unique tokens are used for each payment. Then all transactions show up in one place on your banking statement, linked to one another. If your payment credential is ever compromised, you can simply revoke it and get a new one.
The same concept can work very well for biometrics. Through this innovative, privacy–first, and inclusive technology we can pioneer a new approach to trusted interactions. We can empower individuals to create and manage their own biometric identity tokens—reducing reliance on third–party data stewards. Biometrics like palm prints can also be tokenized, creating a more effective ‘proof of humanity’ and defense against deep fakes and AI bots, given our faces are public (harvestable) and easily spoofable but our palms are not.
Next time someone asks for your biometrics, you should answer: “Yes, but only if you tokenize it.” My data, my choice, my voice.
a global affairs media network
Preserving privacy, building trust in digital identity ecosystems
Image by wal_172619 from Pixabay
September 16, 2025
Biometrics are everywhere today, and indispensable—but results in a lot of sensitive data being managed by third parties. Today, innovations in biometric tokenization mean we can remove the most sensitive personal data from digital identity and commercial ecosystems, writes Przemek Praszczalek.
B
iometrics seems to be everywhere today. Not only at the airports, checkout counters, and entertainment venues, but also at the refugee camps in the Middle East, service centers in South Asia, and voting booths throughout Africa. This means that a lot of sensitive data about private individuals, residents of or travelers to a country, is managed by third parties: primarily governments, NGOs, and private companies.
The options to protect biometrics appear to be limited. We can apply increasingly complex and expensive ways to encrypt highly sensitive images and biometric templates, or we can forgo the use of biometrics altogether. Neither option is particularly appealing in the long term, and the data is only as secure as the weakest link. You can change your PIN or your password, but—unfortunately—you cannot change your biometrics if it is ever compromised.
For organizations providing services to most vulnerable populations, biometrics represents both an opportunity to manage limited resources and a liability endangering the “Do No Harm” principle. Individuals without smartphones do not have any options to store passkeys or protect their biometrics today and rarely influence how biometric programs are implemented. Yet, for millions without official ID documents, biometrics is often the only way to establish trust with service providers, including governments.
What if we were able to remove the most sensitive personal data from digital identity ecosystems? What if we could prevent the misuse of biometric data by rogue actors, AI bots, and authoritarian regimes? If we can do this, we can build a world where individuals can safely demonstrate “I exist, I am here, and I am the same person.” Privacy–preserving biometric tokenization can be the answer. Tokenization has already proven to be highly secure and effective in the financial services world. Whether shopping with a credit card, Apple Pay, or auto pay, unique tokens are used for each payment. Then all transactions show up in one place on your banking statement, linked to one another. If your payment credential is ever compromised, you can simply revoke it and get a new one.
The same concept can work very well for biometrics. Through this innovative, privacy–first, and inclusive technology we can pioneer a new approach to trusted interactions. We can empower individuals to create and manage their own biometric identity tokens—reducing reliance on third–party data stewards. Biometrics like palm prints can also be tokenized, creating a more effective ‘proof of humanity’ and defense against deep fakes and AI bots, given our faces are public (harvestable) and easily spoofable but our palms are not.
Next time someone asks for your biometrics, you should answer: “Yes, but only if you tokenize it.” My data, my choice, my voice.
