January 27, 2023

For Data Privacy Week meet two of iProov’s data privacy experts: Campbell Cowie, Head of Policy, Standards & Regulatory Affairs, and Nilma Bonelli, Head of Compliance and Information Security. Both ensure that what we do has data privacy at its core, driving important conversations with policymakers and maintaining our position as the most validated provider of biometric face authentication and liveness detection.

First, hello Nilma and Campbell, it’s great to have you here for Data Privacy Week! Data privacy week is all about having important discussions around enabling user trust and data protection. 

Tell us about your background and role here at iProov. 


Hello! My role here is multifaceted – a bit of a nexus between the policymaking world and iProov. 

On one hand, I represent iProov to policymakers. I explain to them what it is we do, where biometrics can add value, and how we can contribute to the delivery of various government and regulatory objectives in the spaces of privacy, data protection, anti-money laundering, digital economy and more.

On the other hand, I also represent policymakers to iProov. That means regular conversations with our Senior Leadership Team about what the policymakers are trying to do; how it impacts us, why it matters, and what it is policymakers are trying to achieve. 

When we talk to policymakers we’re bringing a solution to the table. Biometrics and digital identity are essential parts of the digital economy and policy environment, and actually what we do solves a lot of very long-standing regulatory and policy concerns about trust in the internet and digital economy, and fraud in finance. 


Hello! I’m iProov’s Head of Compliance and Information Security. One purpose of my function is to make sure that iProov complies with the applicable laws and standards. We also work to establish and enhance all relevant policies, processes, procedures, and practices that keep us compliant with the ever-changing requirements and, of course, keeping us up to date with industry best practices. 

I work with all parts of the business; various internal and external stakeholders and interested parties to keep valuable assets secure. 

My team works to promote our compliance practices and compliance culture, whilst preventing and mitigating potential risks through our people, process and technology.  


 What Nilma and her team do strengthens our position in policy debates. Because we are trusted with people’s data, it becomes a great thing for us to talk about with policymakers. Without accreditations that ensure we can be trusted, we wouldn’t be a part of key policy debates and be in a position to engage with policymakers – we would likely lose customers, or have difficulty attracting new customers.

What Nilma and her team do is really important for our credibility in the policy and regulatory world as well. 

What do you think data policies should aim to achieve?


From my point of view, data policies should serve two purposes. The first is that data policies need to create an environment for responsible innovation to take place in the digital economy. Secondly, they should enable trust where customers feel confident in who is handling their data, and that it is kept secure.

There’s a sweet spot in the middle between the innovation and the trust that policymakers are trying to achieve. 

Regulations are constantly evolving –  what are the current conversations happening in data policy?


Within the EU, we’ve got ongoing conversations around digital ID schemes, and the AI Act. The EU is proposing reforms to GDPR such as bringing a much more strategic regulatory framework for it. And we will likely see changes brought forward over the course of the year.

In the UK we’re seeing a shift to a much more strategic focus on data protection. For example, the Information Commissioner’s Office has been instructed by the government to be a much more strategic regulator. An example we’re already seeing is that they’re working on a set of guidelines for biometric technologies, and from our perspective, we need to look at the impact this will have on our processes.

Over in the US, they don’t currently have a pan-US set of data protection rules, it’s run state by state. This year alone three new states have introduced privacy rules, and over the next year, we’ll continue to see the growth of state-by-state data privacy legislation.

How do you work to ensure iProov is compliant with new regulations that come in place?


Laws and regulations, especially in the data privacy space, are continuously changing and evolving. This means that for any business it is imperative to keep upto-date with the latest privacy developments. 

At iProov we utilise multiple tools, platforms, and expertise, to stay up to date with these changes. Where possible we like to be a part of that change and development; it’s very much in Campbell’s area to make sure we’re part of these initial discussions to shape policy.

That being said, staying abreast of legislative changes is only one aspect. We also need to translate these regulations into: internal policies, processes, procedures and ways of working.  For example, we need to look at technical implementation, streamlined processes and internal training to adhere to, and illustrate our compliance with applicable laws, regulations and standards.

Can you tell us a bit about the future of data privacy?


One, I think we’re going to see more regulation coming. It’s worth remembering that only 65% of the world’s population currently is covered by data protection rules. So there is still 35% of the world that has no data protection application whatsoever. I think we’ll continue to see coverage of regulation grow.

Another key shift we’ll see is the question of ethics in data protection, particularly in the world of AI. I expect there will be conversations around the Metaverse and how you protect and govern the set of digital footprints within a completely digital environmentidentity in the Metaverse will certainly bring an interesting set of challenges.

How does iProov stand out from other competitors in the biometric technology space when it comes to compliance and data privacy?


In my view, there are three core areas that make iProov stand out:

The first is our values. iProov has very clear and well-defined values, which have been well adopted across the company. One of our key values is integrity. Therefore, being honest, moral, and always doing the right thing is very important to us. This facilitates a really strong compliance and information security culture. 

Second is that privacy is at the heart of what we do. We take data privacy and compliance very, very seriously. This is strongly driven by our leadership team. It has also been taken exceptionally seriously across all parts of the organization. Information security is holistically accepted as ‘business as usual’. This in turn has led us to become one of the most certified biometric companies in the world. And this number will only continue to increase as we continue to set the bar higher for ourselves.

Finally, what helps iProov achieve the remarkable is that we’re always looking to improve. We’re always looking to raise the bar, and we’re always looking to do things better and smarter. In a fast-paced, changing environment, this is where I believe iProov stands out from the crowd. 

Key Takeaways:

  • The future of data privacy: Currently, 65% of the world is covered by data protection, and we’ll expect to see this number continue to grow.
  • We’re trusted with people’s data: iProov is part of key conversations with policymakers, to bring about solutions to long-standing regulatory and policy concerns about trust in the digital economy.
  • At iProov we prize our integrity: Privacy and data protection are at the heart of what we do, and we harbor a strong compliance and information security culture. We continue to look at high to raise the bar higher for ourselves as the most certified biometric solution.