Cross-Context Biometric Reuse Governance

2. Summary

Cross-Context Biometric Reuse Governance requires organisations to implement technical and procedural controls that prevent biometric data — including facial recognition templates, voiceprints, gait signatures, iris patterns, and behavioural biometric profiles — from being silently transferred, linked, or repurposed across distinct operational contexts without explicit, informed, and context-specific authorisation. A "context" is defined as a distinct operational domain, business function, legal entity, or purpose boundary within which biometric data was originally collected. Examples of context boundaries include: retail loss prevention versus law enforcement identification, workplace access control versus employee productivity analytics, healthcare patient identification versus insurance underwriting, and customer authentication versus marketing personalisation. This dimension addresses the specific threat of biometric data flowing across these boundaries without the knowledge or consent of the data subject, creating surveillance capabilities, discrimination risks, and autonomy violations that the data subject never anticipated and could not reasonably foresee when providing their biometric data for the original, stated purpose.

3. Example

Scenario A — Facial Recognition Templates Shared Between Retail and Law Enforcement: A national retail chain deploys facial recognition at store entrances for loss prevention. The system generates 512-dimensional facial embedding vectors from shoppers as they enter, matches them against a database of individuals previously involved in shoplifting incidents, and alerts security staff when a match is detected. Over two years, the system accumulates 4.7 million unique facial templates. A regional police force approaches the retailer with a data-sharing agreement to assist in identifying suspects involved in violent crime. The retailer, seeking to maintain a positive relationship with law enforcement, provides API access to the facial template database. The police force begins running queries against the retailer's database for investigations unrelated to retail crime — missing persons cases, protest identification, and immigration enforcement. A civil liberties organisation discovers the arrangement through a freedom of information request and files complaints with the data protection authority.

What went wrong: The facial templates were collected for a specific purpose (retail loss prevention) and were repurposed for an entirely different context (general law enforcement identification) without the knowledge or consent of the 4.7 million individuals whose faces were enrolled. No context boundary existed to prevent the templates from flowing to a different operational domain. No technical control prevented the retailer from granting API access to an external party. The individuals had no reasonable expectation that entering a shop would result in their facial template being queryable by police for purposes unrelated to shoplifting. The data protection authority imposes a fine of £8.4 million for purpose limitation violations under Article 5(1)(b) GDPR and orders the deletion of all templates shared with law enforcement. The police force faces judicial review of identifications made using the improperly obtained templates, potentially invalidating dozens of investigations.

Scenario B — Employee Biometrics Reused for Marketing Analytics: A logistics company deploys fingerprint scanners for warehouse access control. Employees provide fingerprints during onboarding, consenting to their use for building access and time tracking. Eighteen months later, the company's data science team begins a productivity optimisation initiative. They correlate fingerprint-derived attendance patterns — entry times, break durations, shift adherence — with order fulfilment metrics to build a workforce productivity model. The model identifies "high-performer" biometric-temporal profiles and "low-performer" profiles. The marketing department then requests access to the model's outputs to target high-performing warehouse locations for recruitment advertising and to identify locations with low-performer concentrations for management intervention campaigns. An employee union representative discovers that fingerprint-derived data is being used for performance profiling and marketing targeting, triggering a formal grievance and regulatory complaint.

What went wrong: Biometric data collected for physical access control silently crossed three context boundaries: from access control to attendance analytics, from attendance analytics to productivity profiling, and from productivity profiling to marketing targeting. Each transition was a separate context violation. No technical enforcement prevented the data science team from accessing biometric-derived data for analytics. No purpose boundary enforcement flagged the marketing department's request as a cross-context reuse. Employees had consented to fingerprint use for building access, not for productivity profiling or marketing. The regulatory investigation results in enforcement action for unlawful processing, a £2.1 million fine, and an order to delete all biometric-derived analytics and retrain the productivity model without biometric inputs.

Scenario C — Healthcare Voice Biometrics Repurposed for Insurance Risk Scoring: A telemedicine platform deploys voiceprint authentication so patients can verify their identity during phone consultations. Patients enrol their voiceprints during registration, consenting to voice-based identity verification for healthcare appointments. The platform's parent company also owns a health insurance subsidiary. An internal data governance review reveals that the insurance subsidiary has been accessing voiceprint-derived metadata — including vocal stress indicators, speech cadence patterns, and frequency analysis — to supplement its underwriting risk models. The insurance subsidiary's actuarial team discovered that certain vocal biomarkers correlate with cardiovascular risk factors and began incorporating these signals into premium calculations for 23,000 policyholders. A patient whose insurance premium increased by 34% requests an explanation under Article 22 GDPR and discovers that voice data from their medical consultations contributed to the premium adjustment.

What went wrong: Voice biometric data collected for patient authentication in a healthcare context was repurposed for insurance underwriting in a financial context. The cross-context transfer occurred within a corporate group, exploiting the absence of intra-group context boundaries. Patients consented to voiceprint use for identity verification during medical appointments, not for insurance risk scoring. The vocal biomarker analysis extracted health-related inferences from biometric data without the data subjects' knowledge, violating both purpose limitation and the prohibition on processing special category data without explicit consent. The data protection authority imposes a £12.7 million fine and orders the recalculation of all affected premiums, refund of excess premiums collected, and destruction of all voice-derived actuarial data.

4. Requirement Statement

Scope: This dimension applies to any AI agent deployment that collects, generates, stores, or processes biometric data in any form — raw biometric samples, biometric templates, biometric embeddings, biometric-derived metadata, or behavioural biometric profiles. It applies regardless of whether the biometric data is processed on-device, on-premise, or in cloud infrastructure. A "context" is defined as a distinct combination of: (a) the stated purpose for which biometric data was collected, (b) the organisational unit or legal entity responsible for the collection, (c) the operational domain in which the data is used, and (d) the reasonable expectations of the data subject at the time of collection. A change in any one of these four elements constitutes a context transition that triggers the controls defined below. The scope includes intra-organisation context transitions (e.g., biometric data moving between departments), inter-organisation transitions (e.g., sharing with partners, vendors, or government agencies), and derivative transitions (e.g., using biometric data to train models that are then deployed in a different context).

4.1. A conforming system MUST maintain a context registry that records, for every biometric dataset and template store, the specific collection context — including the stated purpose, the collecting entity, the operational domain, and the consent basis under which the data was obtained.

4.2. A conforming system MUST enforce technical access controls that prevent any principal — human user, application, API consumer, or automated pipeline — from accessing biometric data outside the registered collection context without passing through a context-transition approval workflow.

4.3. A conforming system MUST implement context-boundary enforcement at the storage layer such that biometric data collected for one stated purpose cannot be queried, joined, exported, or linked with data from a different context without generating a context-transition event that is logged, flagged, and routed for approval.

4.4. A conforming system MUST require that every context transition receives documented authorisation that includes: (a) identification of the source context and destination context, (b) a lawful basis assessment for the new context, (c) evidence that the data subjects have been notified of and have consented to the new use where consent is the lawful basis, and (d) a proportionality assessment demonstrating that the reuse is necessary and that the objective cannot be achieved without biometric data.

4.5. A conforming system MUST block context transitions by default — the system must operate on a deny-by-default basis where any attempt to access biometric data from outside the registered context is rejected unless an approved context-transition authorisation exists.

4.6. A conforming system MUST generate tamper-evident audit logs for all context-transition attempts, whether approved or denied, including the requesting principal, the source and destination contexts, the timestamp, and the disposition (approved, denied, or pending).

4.7. A conforming system MUST prevent biometric templates or embeddings from being used to train, fine-tune, or evaluate machine learning models intended for deployment in a context different from the collection context, unless a context-transition authorisation has been obtained.

4.8. A conforming system MUST enforce context boundaries across corporate group structures — biometric data collected by one legal entity within a corporate group is not automatically available to other entities in the group without a context-transition authorisation that satisfies the same requirements as inter-organisation sharing.

4.9. A conforming system SHOULD implement cryptographic context binding — encoding the permitted context identifier into the biometric template's encryption envelope so that the template can only be decrypted by systems operating within the authorised context.

4.10. A conforming system SHOULD perform periodic context-drift audits that examine whether biometric data usage patterns have drifted beyond the registered collection context, even in the absence of explicit context-transition requests.

4.11. A conforming system MAY implement automated context-similarity scoring that assesses the degree of divergence between a requested use and the original collection context, escalating high-divergence requests for senior governance review while permitting low-divergence uses (e.g., system migration within the same operational domain) through streamlined approval.

5. Rationale

Biometric data is uniquely sensitive because it is both irrevocable and identity-binding. Unlike a password or a token, a person's face, voice, fingerprint, or gait cannot be reset if compromised. When biometric data crosses a context boundary, the harm is not merely a data protection technicality — it creates surveillance and profiling capabilities that the data subject never consented to and cannot escape from. A facial template collected for airport boarding can, if reused in a retail context, track an individual's shopping behaviour across every store that participates in a shared facial recognition network. An employee voiceprint collected for phone system authentication can, if reused in an analytics context, reveal health conditions, emotional states, and cognitive load patterns that the employee never disclosed and never intended to share.

The core problem is that biometric data is context-agnostic at the technical level but context-dependent at the ethical and legal level. A 512-dimensional facial embedding does not carry metadata about the purpose for which it was created. It is equally useful for loss prevention, law enforcement identification, marketing segmentation, and political surveillance. Without technical enforcement of context boundaries, the reuse of biometric data is limited only by organisational discipline — which, as the examples in Section 3 demonstrate, is routinely insufficient when commercial incentives, operational convenience, or law enforcement pressure create motivation for reuse.

The threat is amplified by the structure of modern data ecosystems. Biometric data is often collected by one entity and processed by another. A retail chain may use a third-party facial recognition vendor whose template database is accessible to multiple clients. A cloud provider hosting biometric authentication services may have access to templates from hundreds of organisations. Without context-boundary enforcement at the technical layer, the data subject's consent to one organisation's use provides no protection against reuse by other organisations that share the same infrastructure.

Regulatory frameworks consistently treat cross-context biometric reuse as a high-severity violation. The EU AI Act classifies real-time remote biometric identification in publicly accessible spaces as a prohibited practice with narrow exceptions. The GDPR's purpose limitation principle (Article 5(1)(b)) directly prohibits processing personal data for purposes incompatible with the original collection purpose. The Illinois Biometric Information Privacy Act (BIPA) requires specific consent for biometric data collection and has generated over $1 billion in settlements and judgments for violations. Brazil's LGPD, Canada's proposed AIDA, and numerous US state laws impose similar constraints. AG-674 translates these legal requirements into technical controls that prevent violations before they occur, rather than relying on after-the-fact enforcement.

The preventive nature of this control is essential. Once biometric data has been reused across contexts, the harm is difficult or impossible to reverse. Facial templates shared with law enforcement cannot be "unshared" — the receiving party may have copied, indexed, and acted upon the data. Insurance premiums calculated using voice-derived health indicators have already affected real people's financial outcomes. Productivity profiles built from fingerprint attendance data have already influenced management decisions. Prevention — enforced through technical context boundaries — is the only effective mitigation because remediation after the fact is invariably incomplete.

6. Implementation Guidance

Effective cross-context biometric reuse governance requires controls at three layers: data architecture, access control, and organisational process.

Data architecture layer. Biometric data stores must be logically or physically partitioned by context. Each partition carries metadata recording the collection purpose, the collecting entity, the consent basis, and the permitted uses. Context partitioning can be implemented through separate databases, separate schemas within a database, or tagging systems with enforced access policies — the architectural choice depends on the organisation's infrastructure, but the enforcement must be technical, not advisory. A tag that says "retail loss prevention only" is insufficient if any authorised user can query across tags without restriction. The partitioning mechanism must be enforced at the query layer so that a request originating from the marketing analytics service cannot retrieve templates stored in the loss prevention partition.

Access control layer. Implement attribute-based access control (ABAC) policies that include context as a mandatory access attribute. Every request to biometric data must present credentials that include the requesting context. The access control system compares the requesting context against the data's registered context and denies access if they do not match. For example, an API request from the law enforcement liaison system to the retail loss prevention template store should be denied by default because the requesting context (law enforcement) does not match the data context (retail loss prevention). This is conceptually similar to network segmentation — biometric data stores should be in "context segments" that are not routable from other contexts without explicit gateway approval.

Recommended patterns:

• Context-bound encryption. Encrypt biometric templates using keys that are scoped to the collection context. The key management system issues decryption keys only to services that present valid context credentials matching the template's registered context. A template encrypted with the "retail-loss-prevention" context key cannot be decrypted by a service presenting "law-enforcement" context credentials. This provides cryptographic enforcement of context boundaries that cannot be bypassed through database access alone.
• Context-transition gateway. Implement a dedicated governance gateway that handles all cross-context biometric data requests. The gateway enforces a mandatory workflow: the requesting party must submit a context-transition request specifying the source context, destination context, purpose, lawful basis, and data subjects affected. The request is logged, routed for approval (which may include legal review, data protection impact assessment, and data subject notification), and only fulfilled if approved. The gateway produces a complete audit trail and can be configured to impose additional conditions — such as re-consent requirements or data minimisation transformations — before releasing data to the new context.
• Template de-identification for analytics. Where an organisation has a legitimate need to analyse patterns across biometric data from different contexts (e.g., studying authentication failure rates across business units), implement aggregation pipelines that produce statistical summaries without transferring individual templates across context boundaries. The analytics service receives aggregated metrics (mean template quality scores, authentication failure rates by demographic group) rather than individual biometric data.
• Derivative data tracking. Extend context boundaries to derivative data — if a machine learning model is trained using biometric templates from a specific context, the model itself inherits context restrictions. A fraud detection model trained on voiceprints collected for customer authentication carries the "customer-authentication" context tag and cannot be deployed in an insurance underwriting context without a context-transition authorisation.

Anti-patterns to avoid:

• "Same company, same data" assumption. Treating all biometric data within a corporate group as freely shareable because it belongs to the same organisation. Legal entities within a group are separate data controllers. Even within a single legal entity, departments operating in distinct contexts (HR, marketing, security, compliance) represent distinct processing purposes. The fact that data is held by the same company does not eliminate the purpose limitation obligation.
• Consent laundering through broad privacy policies. Drafting privacy notices with expansive purpose descriptions — "we may use your biometric data for security, analytics, product improvement, and business operations" — to create a veneer of consent for any future use. Consent for biometric processing must be specific and informed. A notice that describes every conceivable use provides neither specificity nor genuine informed consent.
• Template-level anonymisation claims. Asserting that biometric templates are not personal data because they are mathematical representations rather than raw images or audio. Biometric templates are personal data under GDPR (they uniquely identify a natural person), special category data (biometric data processed for identification), and are treated as biometric identifiers under BIPA and comparable statutes. Templates require the same context-boundary controls as raw biometric samples.
• Retroactive purpose expansion. Collecting biometric data for a narrow purpose and later seeking consent for broader uses while retaining the original data. The original data should have been collected and retained only for the original purpose. Seeking retroactive consent to expand the purpose creates coercive dynamics — the data subject may feel they have no practical choice because the data already exists.
• Cross-context linking via intermediate identifiers. Avoiding direct template sharing but linking biometric data across contexts through a shared subject identifier (e.g., an employee ID that connects the access control system's fingerprint data with the productivity analytics system's attendance data). The linking achieves the same outcome as template sharing — cross-context profiling — without transferring the biometric data itself. Context-boundary enforcement must cover identifier-based linking, not just template transfer.

Industry Considerations

Retail and Hospitality. Retail deployments of facial recognition for loss prevention face intense pressure to share data with law enforcement. Organisations must implement context-boundary enforcement that requires formal context-transition authorisation for any law enforcement data sharing, including a legal review of the specific request, verification that the request is supported by appropriate legal authority (warrant, court order, or statutory power), and data subject notification where legally permissible. Blanket data-sharing agreements that provide standing access to biometric databases should be prohibited as they eliminate the case-by-case proportionality assessment that context-transition governance requires.

Employment. Employee biometric data is particularly vulnerable to context creep because the employer controls both the collection and the downstream use. Context boundaries must be especially rigorous for employee biometrics: data collected for access control must not be used for performance monitoring, data collected for time tracking must not be used for behavioural analytics, and data collected for safety compliance must not be used for disciplinary purposes. Employee biometric data should be subject to additional safeguards including employee representative consultation before any context transition.

Healthcare. Biometric data in healthcare contexts carries dual sensitivity — it is both biometric (special category under Article 9 GDPR) and health-related. Voice data from telemedicine consultations may reveal health information through vocal biomarkers. Facial data from patient identification may reveal medical conditions through visual indicators. Healthcare organisations must enforce strict context boundaries that prevent biometric data from flowing to insurance, research, or commercial analytics contexts without explicit, specific, and freely given consent.

Maturity Model

Basic Implementation — The organisation maintains a register of biometric data stores and their collection purposes. Access controls exist at the database or application level but do not enforce context-specific restrictions. Context-transition requests are handled through manual governance processes (email approvals, committee reviews) with no technical enforcement. Cross-context reuse is prevented by policy rather than by architecture.

Intermediate Implementation — Biometric data stores are partitioned by context with enforced access controls that include context as an access attribute. A context-transition gateway handles all cross-context requests through a defined workflow with logging and approval requirements. Derivative data tracking extends context boundaries to models trained on biometric data. Periodic audits verify that biometric data usage patterns align with registered contexts.

Advanced Implementation — All intermediate capabilities plus: context-bound encryption ensures that templates can only be decrypted within the authorised context. Automated context-drift detection identifies usage patterns that deviate from registered contexts. Identifier-based cross-context linking is monitored and controlled. The organisation can demonstrate to regulators the complete context history of any biometric template — where it was collected, what contexts it has been used in, and what authorisations exist for each use — with response time under four hours.

7. Evidence Requirements

Required artefacts:

• Context registry. A complete registry of all biometric data stores, including the collection context (purpose, collecting entity, operational domain, consent basis), the data subjects covered, and the permitted uses. Format: structured data (JSON, CSV, or database export). Updated within 30 days of any change.
• Context-transition logs. Tamper-evident logs of all context-transition requests — both approved and denied — including the requesting principal, source and destination contexts, justification, lawful basis assessment, approval chain, and disposition. Minimum 12 months of records.
• Access control policy documentation. The ABAC or equivalent policy definitions that enforce context-boundary restrictions on biometric data stores, including the context attributes used and the deny-by-default configuration.
• Context-transition authorisation records. For every approved context transition, the full authorisation record including the proportionality assessment, lawful basis analysis, data subject notification evidence (or justification for non-notification), and any conditions imposed.
• Context-drift audit reports. Reports from periodic audits verifying that biometric data usage patterns align with registered contexts, including any drift detected and remediation actions taken.

Retention requirements:

• Context registry and transition logs: minimum 7 years for regulated financial services and public sector; minimum 5 years for healthcare and safety-critical deployments; minimum 3 years otherwise.
• Retention must extend at least 12 months beyond the deletion of the biometric data to which the records relate.

Access requirements:

• Producible to regulators or auditors within 72 hours of request. Context registry must be queryable in real time for operational governance purposes.

8. Test Specification

Test 8.1: Context Registry Completeness

• Stimulus: Enumerate all biometric data stores across the organisation's infrastructure. Compare the discovered stores against the context registry.
• Expected behaviour: Every biometric data store appears in the context registry with a complete context record (purpose, collecting entity, operational domain, consent basis).
• Pass criteria: 100% of biometric data stores are registered with complete context metadata. No unregistered biometric data stores exist.
• Fail criteria: Any biometric data store is missing from the registry, or any registered store has incomplete context metadata.
• Traces to: Requirement 4.1.

Test 8.2: Cross-Context Access Denial

• Stimulus: From a service operating in Context A (e.g., marketing analytics), submit a query to a biometric data store registered in Context B (e.g., retail loss prevention). No context-transition authorisation exists for this combination.
• Expected behaviour: The access control system denies the query. A context-transition denial event is logged with the requesting principal, source context, destination context, and timestamp.
• Pass criteria: The query is denied. The denial is logged. No biometric data is returned.
• Fail criteria: The query succeeds and returns biometric data, or the denial is not logged.
• Traces to: Requirements 4.2, 4.3, 4.5, 4.6.

Test 8.3: Context-Transition Workflow Enforcement

• Stimulus: Submit a context-transition request through the governance gateway, specifying a source context, destination context, purpose, and lawful basis. Verify that the request enters the approval workflow and is not auto-approved.
• Expected behaviour: The request is logged, routed for review, and held in pending status until an authorised approver acts on it. No biometric data is accessible in the destination context while the request is pending.
• Pass criteria: The request enters the approval workflow. Data remains inaccessible in the destination context until approval is granted. The full request history is logged.
• Fail criteria: The request is auto-approved without review, or biometric data becomes accessible in the destination context before approval.
• Traces to: Requirement 4.4.

Test 8.4: Deny-by-Default Verification

• Stimulus: Create a new biometric data store and register it in Context C. Without creating any context-transition authorisations, attempt to access the store from every other registered context in the organisation.
• Expected behaviour: All cross-context access attempts are denied. Only access from within Context C succeeds.
• Pass criteria: Zero cross-context access attempts succeed. All denials are logged.
• Fail criteria: Any cross-context access attempt succeeds without an existing context-transition authorisation.
• Traces to: Requirement 4.5.

Test 8.5: Audit Log Tamper Evidence

• Stimulus: Generate a series of context-transition events (both approvals and denials). Attempt to modify or delete entries in the context-transition audit log.
• Expected behaviour: Modification and deletion attempts are either prevented (immutable log) or detected (tamper-evident log with integrity verification). The original log entries remain intact and verifiable.
• Pass criteria: No log entry can be silently modified or deleted. Any tampering attempt is detected and alerted.
• Fail criteria: Log entries can be modified or deleted without detection.
• Traces to: Requirement 4.6.

Test 8.6: Model Training Context Enforcement

• Stimulus: Initiate a model training pipeline that attempts to load biometric templates from Context A as training data for a model that will be deployed in Context B. No context-transition authorisation exists.
• Expected behaviour: The training pipeline's data loading request is denied by the context-boundary access control. The training job fails with a context-violation error. The attempted access is logged.
• Pass criteria: The training pipeline cannot access biometric data from a different context. The denial is logged with sufficient detail to identify the training job, the data requested, and the context mismatch.
• Fail criteria: The training pipeline successfully loads biometric data from a different context, or the denial is not logged.
• Traces to: Requirement 4.7.

Test 8.7: Corporate Group Context Boundary Enforcement

• Stimulus: From a service operated by Legal Entity X within a corporate group, attempt to access biometric data collected and registered by Legal Entity Y within the same group. No inter-entity context-transition authorisation exists.
• Expected behaviour: The access is denied. The inter-entity access attempt is logged as a context-transition denial. The system does not treat intra-group access as implicitly authorised.
• Pass criteria: Intra-group cross-entity access is denied by default and logged. No biometric data is shared between group entities without explicit authorisation.
• Fail criteria: Biometric data is accessible across legal entities within the group without a context-transition authorisation.
• Traces to: Requirement 4.8.

Conformance Scoring

• Score 0: No cross-context controls — biometric data is accessible across all organisational contexts without restriction, logging, or governance review.
• Score 1: Basic policy controls — a governance policy prohibits cross-context biometric reuse, but enforcement is procedural (manual review) rather than technical. Some context metadata is maintained but access controls do not enforce context boundaries.
• Score 2: Technical enforcement — biometric data stores are partitioned by context with enforced access controls. A context-transition gateway handles cross-context requests through a logged and approved workflow. Deny-by-default is enforced. Model training context boundaries are enforced.
• Score 3: Cryptographic and comprehensive — all Score 2 controls plus context-bound encryption, automated context-drift detection, derivative data tracking, identifier-based linking controls, and demonstrated ability to produce complete context histories for any biometric template on demand.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 5(1)(d) (Prohibited AI Practices — untargeted facial image scraping)	Direct requirement
EU AI Act	Article 26 (Obligations of Deployers — high-risk AI systems)	Supports compliance
EU GDPR	Article 5(1)(b) (Purpose Limitation)	Direct requirement
EU GDPR	Article 9 (Processing of Special Categories of Personal Data)	Direct requirement
EU GDPR	Article 35 (Data Protection Impact Assessment)	Supports compliance
UK GDPR	Article 5(1)(b) (Purpose Limitation)	Direct requirement
UK Data Protection Act 2018	Section 35 (Law Enforcement Processing — Purpose Limitation)	Supports compliance
Illinois BIPA	Section 15(d) (Disclosure/Dissemination Restrictions)	Direct requirement
NIST AI RMF	GOVERN 1.1, MAP 1.5, MANAGE 3.1	Supports compliance
ISO 42001	Clause 6.1 (Actions to Address Risks), Clause 8.4 (AI System Operation)	Supports compliance

EU GDPR — Article 5(1)(b) (Purpose Limitation)

Article 5(1)(b) requires that personal data be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. Biometric data — classified as special category data under Article 9 — is subject to heightened purpose limitation requirements. Cross-context reuse of biometric data is, in most cases, incompatible further processing: a facial template collected for retail loss prevention is being processed for a fundamentally different purpose when used for law enforcement identification. AG-674 implements technical controls that enforce Article 5(1)(b) at the system architecture level, preventing incompatible processing before it occurs rather than relying on after-the-fact regulatory enforcement.

Illinois BIPA — Section 15(d)

Section 15(d) prohibits any private entity in possession of biometric identifiers or biometric information from disclosing, redisclosing, or otherwise disseminating such data unless certain conditions are met — including consent of the data subject, completion of a financial transaction requested by the data subject, or a valid warrant or subpoena. BIPA's strict liability framework and private right of action have resulted in settlements exceeding $1 billion. AG-674's context-transition gateway directly supports BIPA compliance by ensuring that no biometric data is disclosed outside the collection context without a documented authorisation that satisfies statutory requirements.

EU AI Act — Article 5(1)(d)

Article 5(1)(d) prohibits the creation or expansion of facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage. While this provision targets the creation of databases rather than reuse per se, cross-context reuse of facial recognition templates effectively expands the database's operational scope beyond its original purpose — achieving the same surveillance expansion that Article 5(1)(d) is designed to prevent. AG-674 ensures that facial recognition databases remain bounded to their collection context, preventing the functional equivalent of database expansion through context creep.

10. Failure Severity

Field	Value
Severity Rating	Critical
Blast Radius	Population-scale — potentially affecting every individual whose biometric data has been collected across any context in the organisation or corporate group

Consequence chain: Failure of cross-context biometric reuse governance creates cascading harms across multiple dimensions. First, mass surveillance capability: when biometric databases collected for benign purposes (retail access, employee attendance, patient verification) become accessible across contexts, the organisation or its data-sharing partners gain surveillance capabilities that no individual consented to. A facial recognition database of 4.7 million retail shoppers, when shared with law enforcement, becomes an identification tool of near-population-scale coverage in the relevant geographic area. Second, discrimination and chilling effects: cross-context biometric reuse enables profiling that individuals cannot detect or contest. Employee biometrics used for productivity scoring create discriminatory employment practices. Voice biometrics used for insurance underwriting introduce health-based discrimination. Facial recognition shared between commercial and government contexts chills the exercise of rights to assembly and protest. Third, irrevocability: unlike credentials or account numbers, biometric identifiers cannot be changed. When a facial template or voiceprint is improperly reused across contexts, the affected individual cannot remediate the exposure — they cannot change their face or voice. The harm persists indefinitely. Fourth, regulatory catastrophe: purpose limitation violations involving biometric data attract the highest penalties under GDPR (up to 4% of global annual turnover), the highest per-violation damages under BIPA ($5,000 per intentional violation), and the most severe regulatory responses across all data protection frameworks. A single cross-context reuse incident affecting a large biometric database can result in fines exceeding £10 million, class action liability, mandatory deletion orders, and reputational damage that undermines public trust in the organisation's AI deployments for years.

Cross-references: AG-001 (Governance Framework) provides the overarching governance structure within which biometric context boundaries operate. AG-029 (Data Governance & Lifecycle Management) establishes data governance principles that AG-674 specialises for biometric data. AG-030 (Cross-Border Data Transfer) addresses geographic transfer restrictions that interact with context boundaries when biometric data crosses jurisdictions. AG-033 (Data Minimisation & Purpose Limitation) provides the general purpose limitation framework that AG-674 enforces specifically for biometric contexts. AG-036 (Purpose Limitation Enforcement) addresses technical enforcement of purpose limitation broadly. AG-037 (Consent Management) provides the consent infrastructure on which context-transition authorisations depend. AG-040 (Data Subject Rights Fulfilment) ensures individuals can exercise rights including access and deletion across all contexts. AG-055 (Third-Party and Supply-Chain Governance) governs the vendor relationships through which cross-context biometric sharing often occurs. AG-210 (Contextual Integrity Preservation) provides the theoretical framework for context-appropriate information flows that AG-674 applies specifically to biometric data. AG-669 through AG-678 form the sibling landscape for Biometrics, Emotion & Identity Analytics.