Future of Identity in the Information Society Summary

Total Page:16

File Type:pdf, Size:1020Kb

Future of Identity in the Information Society Summary FIDIS Future of Identity in the Information Society Title: “D13.4: The privacy legal framework for biometrics” Authors: WP13.4 Editors: Els Kindt (K.U.Leuven, Belgium), Lorenz Müller (AxSionics, Switzerland) Reviewers: Jozef Vyskoc (VAF, Slovakia), Martin Meints (ICCP, Germany) Identifier: D13.4 Type: Deliverable Version: 1.1 Date: 8 May 2009 Status: Final Class: Public File: Summary The present report reviews the fundamental right to privacy and data protection which shall be assured to individuals and the Directive 95/46/EC which provides more detailed rules on how to establish protection in the case of biometric data processing. The present framework does not seem apt to cope with all issues and problems raised by biometric applications. The limited recent case law of the European Court of Human Rights and the Court of Justice sheds some light on some relevant issues, but does not answer all questions. The report provides an analysis of the use of biometric data and the applicable current legal framework in six countries. The research demonstrates that in various countries, position is taken against the central storage of biometric data because of the various additional risks such storage entails. Furthermore, some countries stress the risks of the use of biometric characteristics which leave traces (such as e.g., fingerprint, face, voice…). In general, controllers of biometric applications receive limited clear guidance as to how implement biometric applications. Because of conflicting approaches, general recommendations are made in this report with regard to the regulation of central storage of biometric data and various other aspects, including the need for transparency of biometric systems. Copyright © 2004-09 by the FIDIS consortium - EC Contract No. 507512 The FIDIS NoE receives research funding from the Community’s Sixth Framework Program FIDIS D13.4 Future of Identity in the Information Society (No. 507512) Copyright Notice: This document may not be copied, reproduced, or modified in whole or in part for any purpose without written permission from the FIDIS Consortium. In addition to such written permission to copy, reproduce, or modify this document in whole or part, an acknowledgement of the authors of the document and all applicable portions of the copyright notice must be clearly referenced. All rights reserved. PLEASE NOTE: This document may change without notice – Updated versions of this document can be found at the FIDIS NoE website at www.fidis.net. Final , Version: 1.1 Page 2 File: fidis_deliverable13_4_v_1.1.doc FIDIS D13.4 Future of Identity in the Information Society (No. 507512) Members of the FIDIS consortium 1. Goethe University Frankfurt Germany 2. Joint Research Centre (JRC) Spain 3. Vrije Universiteit Brussel Belgium 4. Unabhängiges Landeszentrum für Datenschutz (ICPP) Germany 5. Institut Europeen D'Administration Des Affaires (INSEAD) France 6. University of Reading United Kingdom 7. Katholieke Universiteit Leuven Belgium 8. Tilburg University1 The Netherlands 9. Karlstads University Sweden 10. Technische Universität Berlin Germany 11. Technische Universität Dresden Germany 12. Albert-Ludwig-University Freiburg Germany 13. Masarykova universita v Brne (MU) Czech Republic 14. VaF Bratislava Slovakia 15. London School of Economics and Political Science (LSE) United Kingdom 16. Budapest University of Technology and Economics (ISTRI) Hungary 17. IBM Research GmbH Switzerland 18. Centre Technique de la Gendarmerie Nationale (CTGN) France 19. Netherlands Forensic Institute (NFI)2 The Netherlands 20. Virtual Identity and Privacy Research Center (VIP)3 Switzerland 21. Europäisches Microsoft Innovations Center GmbH (EMIC) Germany 22. Institute of Communication and Computer Systems (ICCS) Greece 23. AXSionics AG Switzerland 24. SIRRIX AG Security Technologies Germany 1 Legal name: Stichting Katholieke Universiteit Brabant 2 Legal name: Ministerie Van Justitie 3 Legal name: Berner Fachhochschule Final , Version: 1.1 Page 3 File: fidis_deliverable13_4_v_1.1.doc FIDIS D13.4 Future of Identity in the Information Society (No. 507512) Versions Version Date Description (Editor) 0.1 11.01.2008 Suggested Table of Contents for Country Contributions (Els Kindt) 0.2 15.03.2008 First draft of privacy legal framework and country reports for Belgium and France (Els Kindt and Fanny Coudert) 0.3 15.05.2008 Updated draft of privacy legal framework for biometrics in the European Union (Els Kindt) 0.4 16.02.2009 Updating draft and country reports for Belgium and France and integration of draft country report for Switzerland (Els Kindt) 0.5 12.03.2009 Collection of country reports for Germany and United Kingdom and providing comments (Els Kindt) – Drafting introduction, conclusions and recommendations (Els Kindt) 0.6 24.03.2009 Finalizing first draft and internal posting (Els Kindt) 0.7 01.04.2009 Collection of the country report for the Netherlands and providing comments (Els Kindt) and integration of country reports for Germany, the Netherlands and the United Kingdom 0.8 04.04.2009 Finalizing first completed draft ; review and finalizing introduction, conclusions, and recommendations (Els Kindt) Internal posting for review and input contributors on recommendations (Els Kindt) 0.9 22.04.2009 Finalizing completed draft and internal posting for internal review (Els Kindt) 1.0 08.05.2009 Final draft including comments of reviewers and submitted to the Commission for external review (Els Kindt) Final , Version: 1.1 Page 4 File: fidis_deliverable13_4_v_1.1.doc FIDIS D13.4 Future of Identity in the Information Society (No. 507512) Foreword FIDIS partners from various disciplines have contributed as authors to this document. The following list names the main contributors for the chapters of this document: Chapter Contributor(s) Executive Summary Els Kindt (K.U.Leuven) 1 Introduction Els Kindt (K.U.Leuven) 2 The Privacy Legal Els Kindt (K.U.Leuven) ; Suad Cehajic & Annemarie Sprokkereef Framework (TILT) (section 2.3 (pp. 28-29) and section 2.4) 3. Belgium Els Kindt (K.U.Leuven) 4. France Els Kindt (K.U.Leuven), Fanny Coudert (K.U.Leuven) (section 4.3.4 and section 4.5 (p.63)) 5. Germany Suad Cehajic & Annemarie Sprokkereef (TILT) 6. The Netherlands Paul De Hert & Annemarie Sprokkereef (TILT) 7. Switzerland Emmanuel Benoist (VIP) 8. The United Suad Cehajic & Annemarie Sprokkereef (TILT) Kingdom 9. Conclusions and Els Kindt, Jos Dumortier (K.U.Leuven), with review and input by Recommendations Lorenz Müller (AxSionics, Switzerland) and Emmanuel Benoist (VIP) Bibliography & Els Kindt (K.U.Leuven) Glossary Final , Version: 1.1 Page 5 File: fidis_deliverable13_4_v_1.1.doc FIDIS D13.4 Future of Identity in the Information Society (No. 507512) Table of Contents Executive Summary ................................................................................................................. 9 1 Introduction ....................................................................................................................10 2 The privacy legal framework for biometrics in the European Union ....................... 12 2.1 Introduction .............................................................................................................. 12 2.2 Fundamental rights in the European Union: Right to respect for privacy and the right to data protection ......................................................................................................... 14 2.2.1 Article 8 of the European Convention on Human Rights ................................ 14 2.2.2 Articles 7 and 8 of the EU Charter................................................................... 20 2.3 The Data Protection Directive 95/46/EC ................................................................. 21 2.4 The Framework Decision on the protection of personal data in the field of police and judicial cooperation in criminal matters ........................................................................ 28 2.5 A selective overview of opinions of the Article 29 Working Party and the EDPS on biometrics ............................................................................................................................. 30 2.5.1 Opinions and comments on the processing of biometrics in general............... 30 2.5.2 The use of biometrics in specific large scale systems in the EU...................... 32 2.6 The role of the National Data Protection Authorities .............................................. 36 2.7 Preliminary conclusion............................................................................................. 38 3 Belgium............................................................................................................................ 40 3.1 Introduction .............................................................................................................. 40 3.2 The spreading of biometric applications .................................................................. 40 3.2.1 Fields in which biometric applications are implemented................................. 40 3.2.2 National studies and debate about biometrics.................................................. 42 3.3 Legislation regulating the use of biometric data ...................................................... 43 3.3.1 General and specific privacy legal framework for biometrics ......................... 43 3.3.2 Legal provisions for government controlled ID biometric applications (passports, other civil ID biometric applications and law enforcement).........................
Recommended publications
  • Biometrics: Enhancing Security Or Invading Privacy?
    BIOMETRICS: ENHANCING SECURITY OR INVADING PRIVACY? OPINION Published by The Irish Council for Bioethics 1 Ormond Quay Lower, Dublin 1. E-mail: [email protected] Website: www.bioethics.ie © Irish Council for Bioethics 2009 All or part of this publication may be reproduced without further permission, provided the source is acknowledged. Biometrics: Enhancing Security or Invading Privacy? Opinion. Published by The Irish Council for Bioethics, Dublin ISBN 978-0-9563391-0-2 Price €10.00 BIOMETRICS: ENHANCING SECURITY OR INVADING PRIVACY? Preface Biometric technologies including iris, voice, fingerprint and vein pattern recognition – once the realm of science fiction and film – are now becoming more of a daily reality. The potential biometrics provides as an individual identifier has resulted in the widespread diffusion of this technology into people’s lives. For example, Irish citizens now encounter biometric applications in many different situations, such as for workplace time and attendance, for physical and logical access (e.g. for laptops) and particularly in relation to international travel. In addition, Ireland is now recognised as a European hub for biometric research in both industry and academia. Indeed, the European Biometrics Forum (a European-wide stakeholder group supporting the appropriate use of biometric technologies) was established in Dublin and is part funded by the Irish government. Given Ireland’s involvement in and contribution to biometric research, the Irish Council for Bioethics (the Council) considered it appropriate to examine the ethical, social and legal issues associated with biometric technologies and the collection, use and storage of biometric information. This opinion document outlines the Council’s views and recommendations on these issues.
    [Show full text]
  • The Relationship Between Biometric Technology and Privacy: a Systematic Review
    Future Technologies Conference (FTC) 2017 29-30 November 2017| Vancouver, Canada The Relationship between Biometric Technology and Privacy: A Systematic Review Zibusiso Dewa School of Computer Science and Informatics De Montfort University Leicester, UK [email protected] Abstract—As the demand for biometric technology grows its of the technology. Regulators, policy developers, privacy very implementation appears poised for broader use and commissioners and privacy advocates are important as they can increased concerns with regard to privacy have been raised. encourage public debate, establish and enforce legislation and Biometric recognition is promoted in a variety of private and safe data practices that maintain trust [2]. government domains, helping to identify individuals or criminals, provide access control systems to enable efficient access to In the last decade, the infrastructure of Information services, helping keep patient data safe amongst other functions. Communication Technology has seen huge changes in the way However, new advances in biometrics have brought forth it operates. Modern ICT ecosystems utilise the connection of widespread debate amongst researchers with concerns multiple devices and services, all with the capability of surrounding the effectiveness and management of biometric processing and storing large streams of ―Big Data‖ in real time, systems. Further questions arise about their appropriateness and enabling a process known as data analytics [61]. Data societal impacts of use. This review begins by providing an Analytics affords the users‘ ability to identify future trends or overview of past and present biometric technological uses and the establish strategic plans using large streams of data [61]. serious problems they pose to privacy. It then factors that play a Furthermore, developments such as the Internet of Things, part in the implementation of privacy in biometrics.
    [Show full text]
  • Article Building Biometrics
    Building Biometrics: Article Knowledge Construction in the Democratic Control of Surveillance Technology Jonathan Bright PhD Candidate, European University Institute, Italy. [email protected] Abstract If surveillance technologies are to be democratically controlled, then knowledge of these technologies is required. What do they do? How do they work? What are the costs? Yet gaining this knowledge in the context of a new surveillance technology such as biometrics can be problematic, because no settled definition exists. Competing versions of biometrics appear in both public and governmental discourse on the technology: different ideas about how often it fails, where it can be used and even what it does. This paper is an exploration of how these different versions compete with each other, and how knowledge about a new surveillance technology such as biometrics is thus constructed. Through reference to original research in the context of the use of biometrics in the UK, points of stability and instability in the definition of biometrics are identified, and some of the processes through which instable definitions become stable are tracked. From this empirical story, conclusions are drawn both for the process of construction of the meaning of technologies, and the general practice of surveillance in modern society. In particular, this paper aims to show how notions such as democratic control (central to the legitimation of state surveillance) become problematic when the very meaning of a technology is negotiable. Introduction Over the last 10 years, the UK government has invested heavily in biometric technology, making it the key component in a range of upgrades to government identity systems: most significantly in biometric visas, biometric passports and of course the (eventually cancelled) biometric National Identity Scheme [NIS].
    [Show full text]
  • Biometric Surveillance in Schools: Cause for Concern Or Case for Curriculum?, Scottish Educational Review, 42 (1), 3-22
    Bryce, T.G.K., Nellis, M., Corrigan, A., Gallagher, H., Lee, P. & Sercombe, H. (2010) Biometric Surveillance in Schools: Cause for concern or case for curriculum?, Scottish Educational Review, 42 (1), 3-22. Biometric Surveillance in Schools: Cause for concern or case for curriculum? Tom Bryce, Mike Nellis, Amanda Corrigan, Hugh Gallagher, Peter Lee and Howard Sercombe University of Strathclyde ABSTRACT This article critically examines the draft consultation paper issued by the Scottish Government to local authorities on the use of biometric technologies in schools in September 2008 (see http://www.scotland.gov.uk/Publications/2008/09/08135019/0 ). Coming at a time when a number of schools are considering using biometric systems to register and confirm the identity of pupils in a number of settings (cashless catering systems, automated registration of pupils’ arrival in school and school library automation), this guidance is undoubtedly welcome. The present focus seems to be on using fingerprints, but as the guidance acknowledges, the debate in future may encompass iris prints, voice prints and facial recognition systems, which are already in use in non-educational settings. The article notes broader developments in school surveillance in Scotland and in the rest of the UK and argues that serious attention must be given to the educational considerations which arise. Schools must prepare pupils for life in the newly emergent ‘surveillance society’, not by uncritically habituating them to the surveillance systems installed in their schools, but by critically engaging them in thought about the way surveillance technologies work in the wider world, the various rationales given to them, and the implications - in terms of privacy, safety and inclusion - of being a ‘surveilled subject’.
    [Show full text]
  • Sprokkereef the Privacy Legal Framework for Biometrics The
    Tilburg University The privacy legal framework for biometrics de Hert, P.J.A.; Sprokkereef, A.C.J. Publication date: 2009 Document Version Publisher's PDF, also known as Version of record Link to publication in Tilburg University Research Portal Citation for published version (APA): de Hert, P. J. A., & Sprokkereef, A. C. J. (2009). The privacy legal framework for biometrics: The Netherlands. FIDIS. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Download date: 02. okt. 2021 FIDIS Future of Identity in the Information Society Title: “D13.4: The privacy legal framework for biometrics” Authors: WP13.4 Editors: Els Kindt (K.U.Leuven, Belgium), Lorenz Müller (AxSionics, Switzerland) Reviewers: Jozef Vyskoc (VAF, Slovakia), Martin Meints (ICCP, Germany) Identifier: D13.4 Type: Deliverable Version: 1.1 Date: 8 May 2009 Status: Final Class: Public File: Summary The present report reviews the fundamental right to privacy and data protection which shall be assured to individuals and the Directive 95/46/EC which provides more detailed rules on how to establish protection in the case of biometric data processing.
    [Show full text]
  • Quantum Surveillance and ‘Shared Secrets’ a Biometric Step Too Far?
    Quantum Surveillance and ‘Shared Secrets’ A biometric step too far? Juliet Lodge July 2010 The CEPS “Liberty and Security in Europe” publication series offers the views and critical reflections of CEPS researchers and external collaborators with key policy discussions surrounding the construction of the EU’s Area of Freedom, Security and Justice. The series encompasses policy-oriented and interdisciplinary academic studies and commentary about the internal and external implications of Justice and Home Affairs policies inside Europe and elsewhere throughout the world. Unless otherwise indicated, the views expressed are attributable only to the author in a personal capacity and not to any institution with which she is associated. This publication may be reproduced or transmitted in any form for non-profit purposes only and on the condition that the source is fully acknowledged. ISBN 978-94-6138-009-8 Available for free downloading from the CEPS website (http://www.ceps.eu) ©CEPS, 2010 CONTENTS 1. Introduction: Context – the Stockholm Programme and Information Management Strategy2 2. Maximising biometrics for EU information exchange and internal security......................... 4 2.1 Towards a European information model..................................................................... 5 3. Why biometrics?.................................................................................................................... 7 4. Changing biometrics.............................................................................................................
    [Show full text]
  • A Case Study of Biometrics in the National Identity Scheme in the United Kingdom
    Envisioning Technology through Discourse: A case study of biometrics in the National Identity Scheme in the United Kingdom Aaron K. Martin Information Systems and Innovation Group Department of Management London School of Economics and Political Science Thesis submitted for the degree of Doctor of Philosophy September 2011 1 Declaration I certify that the thesis I have presented for examination for the PhD degree of the London School of Economics and Political Science is solely my own work. The copyright of this thesis rests with the author. Quotation from it is permitted, provided that full acknowledgement is made. This thesis may not be reproduced without the prior written consent of the author. I warrant that this authorization does not, to the best of my belief, infringe the rights of any third party. 2 Envisioning technology through discourse: A case study of biometrics in the National Identity Scheme in the United Kingdom Abstract Around the globe, governments are pursuing policies that depend on information technology (IT). The United Kingdom’s National Identity Scheme was a government proposal for a national identity system, based on biometrics. These proposals for biometrics provide us with an opportunity to explore the diverse and shifting discourses that accompany the attempted diffusion of a controversial IT innovation. This thesis offers a longitudinal case study of these visionary discourses. I begin with a critical review of the literature on biometrics, drawing attention to the lack of in-depth studies that explore the discursive and organizational dynamics accompanying their implementation on a national scale. I then devise a theoretical framework to study these speculative and future-directed discourses based on concepts and ideas from organizing visions theory, the sociology of expectations, and critical approaches to studying the public’s understanding of technology.
    [Show full text]
  • Biometrics - Wikipedia
    10/19/2017 Biometrics - Wikipedia Biometrics Biometrics refers to metrics related to human characteristics. Biometrics authentication (or realistic authentication)[note 1] is used in computer science as a form of identification and access control.[1] It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are then distinctive, measurable characteristics used to label and describe individuals.[2] Biometric identifiers are often categorized as physiological versus behavioral characteristics.[3] Physiological characteristics are related to the At Walt Disney World in Lake shape of the body. Examples include, but are not limited to fingerprint, palm veins, Buena Vista, Florida, face recognition, DNA, palm print, hand geometry, iris recognition, retina and biometric measurements are odour/scent. Behavioral characteristics are related to the pattern of behavior of a taken from the fingers of person, including but not limited to typing rhythm, gait,[4] and voice.[5][note 2] Some guests to ensure that a ticket researchers have coined the term behaviometrics to describe the latter class of is used by the same person from day to day biometrics.[6] More traditional means of access control include token-based identification systems, such as a driver's license or passport, and knowledge-based identification systems, such as a password or personal identification number.[2] Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods;
    [Show full text]