Digitalisation, which involves ‘leveraging digitisation to improve business processes’ has permeated a plethora of sectors. Humanitarian aid is no exception. One such subset of digitalisation is biometric verification: a technological means used to identify a person based on their biological features, including but not limited to ‘fingerprints, hand and earlobe geometries, retina patterns, voice prints and written signatures’.

The United Nations’ (UN) and, in particular, the UN Refugee Agency’s (UNHCR) drive to embrace biometrics is perhaps unsurprising. This is in light of the UNHCR’s commitment to protect personal identities from loss, duplicate registrations, fraud and identity theft under its Policy on Biometrics in Refugee Registration and Verification (2010).

Furthermore, biometrics are heavily relied upon as a means to achieve Sustainable Development Goal 16.9, under which all people must have a legal identity by 2030, since some aid recipients do not possess any identification documents. This is the case for many Yemenis, who do not have access to ID due to the ongoing civil war. The conflict has internally displaced an estimated 4.3 million people and forced many to leave behind personal belongings, including proof of identity. From this perspective, biometric registration could be viewed as an important safeguard of a fundamental human right, namely the right to personal identity.

These advantages associated with the use of biometrics should not, however, divert attention from the dangers and abuses that come with subjecting refugees to biometric verification. When using biometric verification in the humanitarian space, the UN appears to take a one-size-fits-all approach. Instead, a biometric-based humanitarian response must be context-sensitive. Biometric registration should be used only as a last resort for refugees and aid-recipients in countries dominated by a climate of political unrest. For such vulnerable people, a data breach could potentially be a matter of life and death.

For instance, biometric information of Rohingya refugees who fled Myanmar due to violence, discrimination and persecution was improperly collected by the UNHCR for repatriation purposes and shared with the Myanmar Government. This is why it is important for the UN to conduct a risk assessment before having recourse to biometrics as they may violate the right to self-determination, the right to privacy and the right to be forgotten. But this strategy does not go far enough.

The need to empower aid recipients

More empowerment of aid recipients is needed in light of the fact that the use of biometrics in the humanitarian sector exacerbates ‘the unequal power dynamics between aid giver and aid receiver’. Such power imbalances partly stem from information asymmetry. Even though the UNCHR’s Policy on the Protection of Personal Data of Persons of Concern is meant to protect refugees, this policy is, at best, toothless. For example, although refugees’ right to information is enshrined in the policy, in reality, Syrian refugees in Jordan barely know about the processing of their biometric data. Furthermore, under the policy, a refugee’s informed consent is not a prerequisite for the processing of biometric data, as long as other legitimate bases for data processing exist.

Even if refugees have the right to object to the processing of their biometric data under the policy, such a right is arguably rendered futile by the fact that biometric registration is often a prerequisite to accessing aid. This can be seen as a considerable expansion of the use of biometrics in light of the fact that when digitised biometrics were first introduced in the early 2000s, they were mainly used for registration purposes rather than for aid delivery, as is the case now.

Such a requirement compounds the vulnerability of refugees and aid recipients more generally. This is because biometrics have turned refugees into applicants, rather than rights holders, who must provide evidence that they are deserving of aid. For example, the use of biometrics, and in particular the use of iris scans, is a prerequisite to access cash assistance by Syrian refugees in Jordan, except in the case of medical conditions. Thus, there is a clear disconnect between the lived experiences of refugees and the UNCHR’s statement that biometrics aren’t mandatory to access cash assistance.

Moreover, the very fact that certain refugees are held back by the fear of being deprived of aid when thinking about making any complaints about their biometric IDs is very telling. This demonstrates why it is important that the UNCHR provide refugees with the opportunity to opt out of biometrics and present them with alternative registration and aid access channels.

Democratising biometrics also involves their consistent and fair application to refugees. However, on the ground, this is far from the case. For example, unlike the case in some UN programs where more than one person can be designated as an aid collector, Syrian refugees in Jordan are not offered such flexibility; biometrics cannot be shared with a family member if the person who is registered for aid distribution purposes cannot collect it.

In order to empower refugees, the UNCHR will need to perceive them as stakeholders who have a say in relation to the aid they receive. While the UNCHR has a role to play in terms of democratising biometrics, the organisation must not be made a scapegoat for the policies of host states, which may be exclusionary in nature and leave refugees with little choice and control on how to deal with cash assistance. Ultimately, the UNCHR works ‘at the behest of host states’. Any endeavours to empower refugees must entail the enactment of effective data protection laws by host states who should consult with refugees on the infrastructure needed for registration and access to aid.