Address privacy concerns of using biometrics

[denkeni]

ISSUE 2: Add Privacy Considerations section
Add privacy considerations section that includes at least the following topics:

• Strongly advise against using biometrics for confidence methods unless absolutely required. Warn that verifiers should only require biometric photos as a last resort and should destroy the information after the transaction is complete. (source)

Once the biometric is included as part of data integrity of VC, it could be difficult for verifiers to delete the VP as soon as the transaction is complete, as verifiers may be required to keep the evidence of VP for at least months.

I would suggest the verifier SHOULD implement some prompting to the holder before the VP transmission, for example, implementing Purpose in OpenID4VP, or any similar mechanism within VCALM.

[iherman]

This was discussed during the vcwg meeting on 14 November 2025.

View the transcript

w3c/vc-confidence-method#21

denkeni: one must be very careful whenever biometric data is presented, because verifiers may need to keep them for a while
… this issue suggest that some prompting should be implemented before presenting such VCs

manu_: +1 to that

JoeAndrieu: +1 with the nuance that it is about biometrics claims

---