I'm sure the GDPR police will be all over this.
Interesting comment towards the bottom of the article is the establishment of a system that would lower the number of databases that would house your biometrics. Maybe a digital medical record that also stores our biometrics and can only be accessed with our prior approval?
Well written article. The best point mentioned, "we need some kind of unified platform where we limit the numbers of parties who actually hold such data, with others accessing those trusted holders on an “as a service” basis." The notion of least privilege and access control never grow old.
Looks like it goes back to the fundamentals as Ross Anderson famously stated to a Select Committee in the UK: https://publications.parliament.uk/pa/cm201314/cmselect/cmhaff/70/7004.htm
"The only way to ensure data does not leak is not to collect it."
Seems there is a great need for a Trust Network - but exactly who do you trust?