An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE

Biometric recognition is a highly adopted technology to support different kinds of applications, ranging from security and access control applications to low enforcement applications. However, such systems raise serious privacy and data protection concerns. Misuse of data, compromising the privacy of individuals and/or authorized processing of data may be irreversible and could have severe consequences on the individual’s rights to privacy and data protection. This is partly due to the lack of methods and guidance for the integration of data protection and privacy by design in the system development process. In this paper, we present an example of privacy and data protection best practices to provide more guidance for data controllers and developers on how to comply with the legal obligation for data protection. These privacy and data protection best practices and considerations are based on the lessons learned from the SMart mobILity at the European land borders (SMILE) project.

[1]  Sule Yildirim Yayilgan,et al.  How to Do It Right: A Framework for Biometrics Supported Border Control , 2019, e-Democracy.

[2]  Josep Domingo-Ferrer,et al.  Privacy by design in big data: An overview of privacy enhancing technologies in the era of big data analytics , 2015, ArXiv.

[3]  Josep Domingo-Ferrer,et al.  Privacy and Data Protection by Design - from policy to engineering , 2014, ArXiv.

[4]  Sule Yildirim Yayilgan,et al.  Border Control and Use of Biometrics: Reasons Why the Right to Privacy Can Not Be Absolute , 2019, Privacy and Identity Management.

[5]  Paul Voigt,et al.  The Eu General Data Protection Regulation (Gdpr): A Practical Guide , 2017 .

[6]  Marit Hansen,et al.  A Process for Data Protection Impact Assessment Under the European General Data Protection Regulation , 2016, APF.

[7]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[8]  Nasir D. Memon How Biometric Authentication Poses New Challenges to Our Security and Privacy [In the Spotlight] , 2017, IEEE Signal Process. Mag..

[9]  Lina Jasmontaite,et al.  Data Protection by Design and by Default , 2018 .

[10]  Lech J. Janczewski,et al.  "Need-to-know" principle and fuzzy security clearances modelling , 2000, Inf. Manag. Comput. Secur..

[11]  Jaap-Henk Hoepman,et al.  A Critical Analysis of Privacy Design Strategies , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[12]  Niels van Dijk,et al.  Data protection impact assessments in the European Union. Complementing the new legal framework towards a more robust protection of individuals , 2017 .

[13]  Angus Willoughby Biometric Surveillance and the Right to Privacy [Commentary] , 2017, IEEE Technol. Soc. Mag..

[14]  Paul Voigt,et al.  The EU General Data Protection Regulation (GDPR) , 2017 .

[15]  Margit Sutrop,et al.  Ethical Issues in Governing Biometric Technologies , 2010, ICEB.