The EU’s Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data has released an opinion (Working Party pdf; archive pdf) on developments in biometric technologies, such as the lower cost and ease with which biometric technologies can be bought. The Working Party advises the European Commission on privacy and data protection issues.
In a news release (pdf), the Working Party said, “Where such commonly available biometric technologies are used without adequate safeguards the right to data protection of the concerned individual is at risk. In addition, many types of biometric data can be collected without the individual’s cooperation or knowledge, such as through video surveillance and facial recognition systems, and many violations could occur unnoticed.” Here’s the executive summary of the opinion:
Biometric systems are tightly linked to a person because they can use a certain unique property of an individual for identification and/or authentication. While a person’s biometric data can be deleted or altered the source from which they have been extracted can in general neither be altered nor deleted.
Biometric data are successfully and efficiently used in scientific research, are a key element of forensic science and a valuable element of access control systems. They can help to raise the security level and make identification and authentication procedures easy, fast and convenient. In the past the use of this technology was expensive and as a result of this economic constraint the impact on individuals’ data protection rights was limited.
In recent years this has changed dramatically. DNA analysis has become faster and affordable for almost everyone. The technological progress has made storage space and computing power cheaper; this made online picture albums and social networks with billions of photographs possible. Fingerprint readers and video surveillance devices have become an inexpensive gadget. The development of these technologies has contributed to make many operations more convenient, has contributed to solve many crimes and made access control systems more reliable, but it has also introduced new threats to fundamental rights. Genetic discrimination has become a real problem. Identity theft is no longer a theoretical threat.
While other new technologies that target large populations and have recently raised data protection concerns do not necessarily focus on establishing a direct link to a specific individual – or creating this link requires considerable efforts – biometric data, by their very nature, are directly linked to an individual. That is not always an asset but implies several drawbacks. For instance equipping video surveillance systems and smartphones with facial recognition systems based on social network databases could put an end to anonymity and untraced movement of individuals. On the other hand fingerprint readers, vein pattern readers or just a smile into a camera might replace cards, codes, passwords and signatures.
These and other recent developments are addressed in this Opinion to raise awareness among both the people concerned and the legislative bodies. These technical innovations that are very often presented as technologies that only improve the user experience and convenience of applications could lead to a gradual loss of privacy if no adequate safeguards are implemented. Therefore this Opinion identifies technical and organisational measures aiming at mitigating data protection and privacy risks and that can help to prevent negative impacts on European citizens’ privacy and their fundamental right to data protection.