In Debian Stretch libsane adds an ACL for group scanner via /lib/udev/rules.d/60-libsane.rule:
ENV{libsane_matched}=="yes", RUN+="/bin/setfacl -m g:scanner:rw $env{DEVNAME}" IIUC in Debian Buster this line is removed because local user access is given via libpam-systemd. scanbd stopped working in Buster because the group for daemon processes is set to scanner in /etc/scanbd/scanbd.conf and /lib/systemd/system/scanbm@.service. Since the scanbd package also supplies an udev rule to set the group of the device node to saned, the bug would be fixed by changing the group in scanbd.conf and scanbm@.service to saned.