Biometric Usage on a Privacy Continuum
Michael Thieme

Biometric technology, in and of itself, bears no direct relation to privacy. It is the use or misuse of biometric technology which can directly affect individual privacy.

One of the complexities of discussing biometrics and privacy is that biometric deployments, even those based on the same core technology, can be privacy-invasive, privacy-neutral, privacy-sympathetic, or privacy-protective. Although some biometric technologies can be more directly associated with privacy concerns than others - finger and facial scan, primarily - it is the use of the technology which determines the levels of privacy risks involved. Finger scan technology, for example, can be incorporated into a smart card solution such that the bearer of the card has possession of his or her biometric information.

The BioPrivacy Impact Framework can be used to make top-level assessments of a project's potential privacy-enhancement or privacy-invasiveness. When assessing specific technologies, the BioPrivacy Technology Risk Ratings are a valuable tool. From this point, the BioPrivacy Best Practices can be implemented to determine what types of protections are necessary for a given deployment. Ideally, a deployment will address all BioPrivacy Best Practices, but some deployments by their nature must incorporate some elements which slightly heighten the privacy risk. At some point, the privacy impact of a specific deployment is balanced with other interests such as fraud reduction, cost savings or public safety.

Once one has determined the risks involved in a particular usage of biometric technology, protections can be developed sufficient to fully address these risks. Protections and controls on the use of biometric technology must be consistent with both the nature of the biometric deployment and the privacy risks involved.