INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 03,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1084
USE OF BIOMETRIC DATA: LEGAL RESTRICTIONS AND LIABILITY ISSUES
Javokhir Eshonkulov
Javoxireshonqulov0724@gmail.com
Lecturer at Tashkent State University of Law, Uzbekistan
Orcid: 0000-0002-9964-9031
Islomova Rayxona
2nd-year student at Tashkent State University of Law,
the faculty of international law and comparative legislation
Abstract:
This article analyzes the legal restrictions and liability issues related to the use of
biometric data. Biometric data includes unique characteristics that enable personal identification
and are widely used in modern security systems. However, the improper use or breach of
confidentiality of such data can lead to serious human rights and legal concerns.
Keywords:
Biometric data, administrative liability, criminal liability.
INTRODUCTION
The protection of personal data and the establishment of liability for violations have
become a pressing social necessity today. The rapid development of modern information
technologies and digital transformation processes has significantly increased the volume of
personal data. On one hand, this contributes to improving living standards and enhancing public
services, but on the other, it raises concerns about the security of individuals’ personal lives,
rights, and freedoms.
To address this issue, the President of Uzbekistan, Shavkat Mirziyoyev, has emphasized
the need to strengthen legislation on personal data security. The experience of foreign countries
also demonstrates the importance of ensuring the security of personal data and establishing
liability for violations as a vital social necessity.
Statistical data confirm that the illegal collection, processing, and dissemination of personal
information cause significant material and moral damages both in Uzbekistan and globally
Definition of Biometric Data
Biometric data refers to biological and behavioral characteristics used for personal
identification and verification. These include fingerprints, facial recognition, iris patterns, voice
recognition, and gait analysis. While biometric data is widely used in modern security systems,
its legal protection and associated restrictions remain crucial concerns.
In Uzbekistan, the collection, storage, and processing of biometric data are regulated by
the Law on Personal Data No. 547, adopted on July 2, 2019. According to the law, biometric
data includes personal information that describes an individual’s anatomical and physiological
characteristics. The processing of biometric data is only legal with the subject’s consent, except
in the following cases:
1
N. Q. Khudoyqulova. The Social Necessity and History of Defining Liability for Violations of Personal Data
Legislation. Journal of Innovations in Scientific and Educational Research, Vol. 7, Issue 5.
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 03,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1085
• Implementation of Uzbekistan’s international agreements
• Judicial proceedings
• Enforcement of court rulings
• Other cases stipulated by legislative acts
Legal Restrictions
Many countries have enacted laws regulating the collection, storage, and processing of
biometric data. For example:
• The European Union’s General Data Protection Regulation (GDPR) classifies
biometric data as a special category of personal data, requiring a clear and lawful basis for
processing.
• In the United States, certain states such as Illinois, Texas, and California have
imposed strict regulations or outright bans on the unauthorized collection of biometric data.
• Uzbekistan does not have a separate law specifically for biometric data protection,
but the Law on Personal Data establishes basic regulations for data protection.
Liability Issues
Misuse or unauthorized disclosure of biometric data raises concerns about legal
responsibility. The main types of liability under Uzbek law include:
1. Administrative Liability
According to Article 223 of Uzbekistan’s Administrative Liability Code, violations
related to biometric data include:
• Unauthorized possession or use of invalid identification documents
• Failure to register at a place of residence
• Loss or deliberate damage to an identification document
Fines for such violations range from half to three times the base calculation amount.
Repeat offenses within a year result in fines of up to five times the base calculation amount.
2. Criminal Liability Severe violations, such as forgery, unauthorized access, or extortion
using biometric data, may result in criminal charges. For instance, under Uzbek law, blackmail
involving defamatory information can lead to imprisonment from three to five years.
Government Initiatives on Personal Data Protection
President Mirziyoyev has emphasized the urgent need to strengthen the legal mechanisms
for personal data protection. In his Address to the Nation on January 28, 2022, he stated:
“Today, the majority of people in cities and villages use online services… Therefore, we
must first strengthen the legal mechanisms for protecting citizens’ personal data.”
He also highlighted plans to accelerate digitalization, strengthen cybersecurity, and
enhance the security of personal data. This underscores the increasing risk of unauthorized
access, processing, and dissemination of personal information amid rapid digital transformation.
Conclusion
While biometric data plays a crucial role in modern security technologies, its misuse can
lead to violations of individual rights. Therefore, every country must establish clear legal
frameworks and ensure robust protection mechanisms. Organizations handling biometric data
should comply with international standards and take necessary measures to safeguard personal
information.
Although Uzbekistan has legal provisions for personal data protection, there is a need to
further refine these regulations and raise public awareness about data security. The unauthorized
collection, disclosure, or misuse of biometric data threatens privacy rights and entails legal
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 03,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1086
consequences. Strengthening legal protections and improving enforcement mechanisms remain
critical steps in ensuring data security.
References:
1. Law of the Republic of Uzbekistan on Personal Data No. 547 (July 2, 2019)
2. Khojiev E., Khojiev T. Administrative Law. Edited by Prof. M. Kh. Rustambaev. Tashkent,
2006, 800 pages.
3. S. Murataev, B. Musaev, D. Artikov. Administrative Law and Process. Textbook. Tashkent
State University of Law, 2020, 520 pages.
4. N. Q. Khudoyqulova. The Social Necessity and History of Defining Liability for Violations
of Personal Data Legislation. Journal of Innovations in Scientific and Educational Research,
Vol. 7, Issue 5.
5. Eshonkulov, J. (2025). The Role of Smart Contracts in Civil Law and Issues of Legal
Regulation. Uzbek Journal of Law and Digital Policy, 3(1), pp. 104–111.
6. Eshonkulov, J. (2024). Legal Foundations for the Application of Artificial Intelligence
Technologies in the Sports Industry. American Journal of Education and Evaluation Studies,
1(7), pp. 240-247.
7. IBM Security: Data Breach Reports - www.ibm.com/security/data-breach
8. Pwn2Own Cybersecurity Reports - www.pwn2own.com (https://www.pwn2own.com/)
9. Lex.uz: Official Legal Database of Uzbekistan - lex.uz/acts/-97664
