In a deliberation dated June 23, 2011, the French data protection authority (“CNIL”) agreed to the use by a company of a behavioral biometric system based on the typing pattern of individuals, designed to strengthen the identification of individuals accessing to an information system. This is the first time that a biometric system based on keystroke dynamics is authorized in France by the CNIL.
The system requires the recording of personal data, such as the last name, first name, pseudonym and IP address.
In France, companies have to obtain the authorization of the CNIL before processing biometric data (Article 25-I-8° of the French Data Protection Act of January 6, 1978).
This authorization has been granted exclusively for a specific purpose, namely the demonstration of a product to prospects, and is subject to the implementation of stringent security measures to ensure the confidentiality of the data.