The Risks Involved upon the Use of Biometric Data and Biometric Systems

This Chapter describes how biometric data processing operations are like ‘Pandora’s box’. Once the data are collected, they can be stored and used not only for recognizing individuals, but also for identifying citizens. The data are further fit as unique identifiers for linking information with the real world, for example across databases or through online network services. Identification, the right to identify and the use of identifiers are however legal issues and bound to strict rules. The ECtHR has clearly stated that protection of private life extends beyond a person’s name, to other means of personal identification. Since the stakes are high, forgery and (identity) theft will be around as well. Furthermore, there remains unclarity about the qualification of biometric data as ‘sensitive’ data, presently in the Reform proposals only deemed as to present ‘specific risks’. The Chapter further explains that the risks are not limited to the nature of the data but are also connected with the architecture and the specifications of a biometric system and that biometric data in one application can also be re-used for other purposes, commonly referred to as function creep. At the same time, the data are besides public authorities increasingly used by private actors as well, without coherent rules. The allegation that the processing of biometric data interferes with the fundamental right to respect for privacy is substantiated in this Chapter and approached from a legal point of view. Ethical and societal issues are briefly touched upon as well.