Biometric data is coming to China! Chinese Government allowing banks and third party bank payment service providers to use biometric data to satisfy regulatory verification requirements

By Clarice Yue, Alison Wong, Christine Yiu, Michelle Chan


Amidst the deep reflection of the potential implications of the two recently issued notice and regulations issued by the People's Bank of China (PBOC), that is:

  • the "Administrative Measures on Online Payment Business of Non-Bank Payment Organisations" issued on 28 December 2015 (Administrative Measures); and
  • the "Notice on Further Improving the Services of Individual Accounts and Strengthening the Administration of Accounts" issued on 25 December 2015 (Notice),

what slips through most people's attention is perhaps the low key but formal recognition on the use of biometric data and related technology to verify and confirm the identity of the account holders.

Formal recognition

In the Notice, PBOC specifically states that "capable banks" may explore the use of biometric recognition technology for purposes of verifying the identity of the individual during for account opening purposes. In the Administrative Measures, online payment service providers are permitted to use biometric data to verify the identity of the account holder and related transactions.

Supplementary only and cautionary approach…

Each of the above however is subject to certain qualifications. Even for "capable banks", the use of biometric recognition technology can only be supplementary. In other words, banks are still required to use other methods to verify the identity of the account opener and satisfy the requisite KYC requirements. For online payment service providers, the use will have to "comply with applicable standards and data security requirements".

While the above provisions provide perhaps for the first time in China proper regulatory recognition of the use of such technology and data by financial institutions, PBOC's view remains cautious. This is understandable as notwithstanding the Notice and the Administrative Measures, China has not yet adopted any standard (be it national standard or industry standard for financial services sector) in relation to the use of biometric recognition technology. Regulations on protection of personal data, including biometric data, are still being developed and there is certainly limited reference to biometric data in any current regulations that do provide data protection.

What next?

It would be interesting to see how China is going to address the use of biometric recognition technology and the protection of biometric data from a legal and regulatory perspective. Perhaps the 13th Five Year Plan to be released this month (and other detailed sub-plans) will provide some useful clues?