Biometrics and the Challenge to Human Rights in Europe. Need for Regulation and Regulatory Distinctions

This report calls for regulation. With biometric applications gradually rolling out in the public and private sector, legislation, even detailed legislation, on the use of biometrics might make compliance to general data protection principles more likely than it is today. A regulatory distinction needs to be made between large scale information systems at EU level and others. The former are in need of tailor made data protection solutions and require (with every new system added or altered) a separate parliamentary and democratic debate. The latter are in need of guidance and best practices, which once found, should be better enforced. Today codification of best practices as developed by DPA’s and other regulatory or supervisory authorities becomes a possibility. We see no good reason not to affirm that public or private controllers of data should not store raw data (because it is unique and therefore dangerous), not collect fingerprints (because fingerprints leave traces and are not accepted by many), not store biometrics in a central database (there are alternatives), or should encrypt biometric data used for processing, should use multiple authentications, should offer alternative schemes of authentication when biometrics are asked on basis of consent, should in case of a rejection, as a result of a biometric system, be obliged to re-examine the case and should, where necessary, offer appropriate alternative solutions. It is true that the technical possibilities of biometrics make its assessment complex, but by making the right regulatory distinctions this can be overcome.

[1]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .

[2]  J.H.A.M. Grijpink,et al.  Biometrics and identity fraud protection: Two barriers to realizing the benefits of biometrics - A chain perspective on biometrics, and identity fraud - Part II , 2005, Comput. Law Secur. Rev..

[3]  David J. Phillips Privacy policy and PETs , 2001, New Media Soc..

[4]  Wim Schreurs,et al.  Machine-readable identity documents with biometric data in the EU. Overview of the legal framework. , 2007 .

[5]  Sabine Delaitre,et al.  Biometrics at the Frontiers: Assessing the Impact on Society , 2005 .

[6]  Herman T. Tavani,et al.  Privacy protection, control of information, and privacy-enhancing technologies , 2001, CSOC.

[7]  Philip Brey,et al.  Ethical aspects of facial recognition systems in public places , 2004, J. Inf. Commun. Ethics Soc..

[8]  Serge Gutwirth,et al.  Profiling the European Citizen, Cross-Disciplinary Perspectives , 2008 .

[9]  Roger Brownsword Reinventing Data Protection , 2009 .

[10]  M. Levi,et al.  Technologies, Security, and Privacy in the Post-9/11 European Information Society , 2004 .

[11]  A.C.J. Sprokkereef,et al.  The Use of Privacy Enhancing Aspects of Biometrics : Biometrics as a PET (privacy enhancing technology) in the Dutch private and semi-public domain , 2009 .

[12]  D. Lyon Surveillance as social sorting : privacy, risk, and digital discrimination , 2003 .

[13]  Irma van der Ploeg,et al.  The illegal body: `Eurodac' and the politics of biometric identification , 1999, Ethics and Information Technology.

[14]  Vasilios Zorkadis,et al.  On biometrics-based authentication and identification from a privacy-protection perspective: Deriving privacy-enhancing requirements , 2004, Inf. Manag. Comput. Secur..

[15]  Annemarie Sprokkereef,et al.  Data Protection and the Use of Biometric Data in the EU , 2007, FIDIS.

[16]  Anil K. Jain,et al.  Fingerprint Reconstruction: From Minutiae to Phase , 2011, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[17]  Alex Stoianov,et al.  Chapter 26. Biometric Encryption: The New Breed of Untraceable Biometrics , 2009 .

[18]  Serge Gutwirth,et al.  Data Protection in a Profiled World , 2010, Data Protection in a Profiled World.

[19]  Alessandra Lumini,et al.  Fingerprint Image Reconstruction from Standard Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[20]  Luisa Marin,et al.  European data protection supervisor (EDPS) , 2013 .

[21]  Kai Rannenberg,et al.  The Future of Identity in the Information Society , 2009, The Future of Identity in the Information Society.

[22]  Serge Gutwirth,et al.  Regulating Profiling in a Democratic Constitutional State , 2008, Profiling the European Citizen.

[23]  J.H.A.M. Grijpink Biometrics and privacy , 2001 .

[24]  Adrian Cho University Hackers Test the Right to Expose Security Concerns , 2008, Science.

[25]  A.C.J. Sprokkereef,et al.  ETHICAL PRACTICE IN THE USE OF BIOMETRIC IDENTIFIERS WITHIN THE EU , 2007 .

[26]  Els Kindt Biometric applications and the data protection legislation , 2007, Datenschutz und Datensicherheit - DuD.

[27]  Gerrit Hornung The European Regulation on Biometric Passports: Legislative Procedures, Political Interactions, Legal Framework and Technical Safeguards , 2007 .

[28]  J. Dumortier,et al.  Biometrie als herkenning- of identificatiemiddel? Enkele juridische beschouwingen , 2008 .

[29]  J.H.A.M. Grijpink Privacy Law: Biometrics and privacy , 2001, Comput. Law Secur. Rev..

[30]  L. Schaade,et al.  Case Study – Germany , 2012, Biopreparedness and Public Health.

[31]  Serge Gutwirth,et al.  From Unsolicited Communications to Unsolicited Adjustments , 2010, Data Protection in a Profiled World.

[32]  Wim Schreurs,et al.  Machine-readable identity documents with biometric data in the EU. Critical Observations. Part IV , 2007 .

[33]  Ifip Wg,et al.  The Future of Identity in the Information Society - Proceedings of the Third IFIP WG 9.2, 9.6/ 11.6, 11.7/FIDIS International Summer School on The Future of Identity in the Information Society, Karlstad University, Sweden, August 4-10, 2007 , 2008, FIDIS.

[34]  Martin Meints,et al.  High-Tech ID and Emerging Technologies , 2009, The Future of Identity in the Information Society.

[35]  P. Hert,et al.  Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action , 2009 .

[36]  Yue Liu,et al.  The principle of proportionality in biometrics: Case studies from Norway , 2009, Comput. Law Secur. Rev..

[37]  A. Alterman,et al.  ``A piece of yourself'': Ethical issues in biometric identification , 2003, Ethics and Information Technology.

[38]  Serge Gutwirth,et al.  Privacy and the Criminal Law , 2006 .

[39]  Gerrit Hornung Die digitale Identität , 2005 .

[40]  Marcus Turle Freedom of information and data protection law - A conflict or reconciliation? , 2007, Comput. Law Secur. Rev..