Legal difficulties for the use of Biometric Data in Artificial Intelligence-based recruitment procedures

Until recently, the use of biometric data has been focused on the problem of establishing personal identity on the double form of “biometric identification” and “identity verification”. This limitation is reflected also in the regulation especially in the European framework based on the General Data Protection Regulation (GDPR). But the advent of the “data society”, radically changed the picture. Images, videos, software tools to catch and analyse physical traits and behaviour are making biometric data extraction and use much easier. Biometric data can, now, be exploited for uses that go well beyond unique identification. The case of recruiting is paradigmatic, since new possibilities are now open to improve the procedures by means of Artificial Intelligence (AI), but they have to face the uncertainties in the regulation. Thus, in this paper, first I will give a short reference framework about biometrics (§ 2); then I will discuss the relationships between the European General Data Protection Regulation about biometric data and national laws, taking the Italian case as benchmark (§ 3); then I will focus on a specific point in the new European Proposal for a Regulation on Artificial Intelligence, as far as biometric data are concerned, (§ 4), then I will try to suggest an interpretative coordination between these sources of law, offering some concluding remarks (§ 5-6).