Biometrics and Data Protection
Dr. Yue Liu
Forum rettsinformatikk 2011

Agenda
Introduction to Biometric Technology
Privacy Concerns at Different Stages
Major Legal Sources and Crucial Legal Problems
Sample Cases in Norway
Findings and Recommendations

Introduction to Biometric Technology
Definition: The automatic recognition of individuals based on their behavioural and biological characteristics (ISO SC37 Harmonized Biometric Vocabulary)

Introduction to Biometric Technology
Behavioural: voice, keystroke, gait, signature…
Physiological: fingerprint, iris, facial, retina, palm…
DNA?
Not externally observable

Introduction to Biometric Technology
Verification (authentication):
◦ Are you whom you claim to be?
◦ One-to-one match
◦ Central or decentralized database
Identification:
◦ Who are you?
◦ One-to-many match
◦ Central database

Introduction to Biometric Technology
Function process of biometrics
[Diagram with two rows. Enrolment: Person, Measuring Device, Stored Template. Matching: Person, Measuring Device, Live Template, Matching, Result.]

Introduction to Biometric Technology
EU and Biometric applications
EURODAC
SIS II
VIS
European Biometric Passports
Other: entrance control etc.

Privacy Concerns at Different Stages
Enrolment:
◦ Quality: FR, FA
◦ purpose, awareness, consent, data, responsibility, unnecessary collection, scale, data controllers,
Storage:
◦ How? location central/local token (irreversibility, linkability, security, cost, responsibility), PET
◦ What? raw image/template (health information,

Privacy Concerns at Different Stages
Matching
Access/user authority
Updating
Spoofing, stolen, security, fallback procedures

Major Legal Sources of Data Protection
OECD Guidelines
EC: Convention 108, Data Protection Directive (95/46/EC; 97/66/EC; 2002/58/EC)
Regulation (EC) No 45/2001
EU: ECHR - Marper case

Crucial Legal Problems
ECHR art 8 (2)
Derogations: public and social interest; national security
How to apply?
S and Marper v. UK
1) Is there an interference with privacy?
2) In accordance with the law
3) Legitimate aim
4) Proportional and margin of appreciation

Crucial Legal Problems
P.G. and J.H. v. UK
“private life considerations may arise…once any systematic or permanent record comes into existence of such material from the public domain.”
Peck v. UK
“the relevant moment was viewed to an extent which far exceeded any exposure to a passer-by or to security observation…and to a degree surpassing that which the applicant could possibly have foreseen when he walked in [the street]”

Crucial Legal Problems
Biometrics as personal data (anonymization)
◦ Personal data: any information relating to an identified or identifiable natural person (art 2 a)
◦ An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, and mental (…) identity

Crucial Legal Problems
Biometrics as sensitive personal data
◦ Health indication... which, how
◦ Racial related
◦ Linking and tracking ability
◦ Context-various

Crucial Legal Problems
it is not sufficient to consider the grading this data element has been given isolated, one must also take into account what information one thereby may connect to the nexus-person. This may provide a basis for data security deliberation the submission of the key presents in itself a threat to the protection of highly sensitive information, an increased risk of undesired access to personal information.
----Bing, 1972 p.107-108

Crucial Legal Problems
Principle of proportionality (art. 6, 8, 14, 15)
◦ Suitability, necessity and non-excessiveness
◦ Balancing test
◦ Least drastic means test
◦ Huber case: effectively applied
-----nature of purposes, availability and effectiveness of other alternatives, loss of data subject, efficacy

Crucial Legal Problems
Principle of proportionality
European organizations’ opinion about proportionality and biometrics (Consultative Committee 108, WP29, EDPS)

Crucial Legal Problems
Proportionality in biometric context:
◦ Biometric template/raw image
◦ Link with sensitive information
◦ Avoiding unnecessary storage
◦ Adequate, relevant and not excessive
◦ Storage length
◦ Type of biometrics
◦ Assessment of risks

Sample cases in Norway
Principle of proportionality (DPAs)
Article 12 of Personal Data Act of Norway
National identity numbers and other clear means of identification may only be used in the processing when there is an objective need for certain identification and the method is necessary to achieve such identification.

Sample cases in Norway
Reversed cases
Case 1: Tysvær Municipality
Case 2: Esso Norge
Upheld cases
Case 3: Rema 1000
Case 4: Oxigeno Fitness

Sample cases in Norway
Data inspectorate:
1. Actual objective need for ensuring identification and the method is necessary for such identification
2. Article 8, 9 and 11
3. Not meaningful to distinguish raw biometric image/template
4. Encryption is a measure for security but not decisive factor

Case analysis
Identification and authentication
Understanding the article 12.
1. PVN: interpretation of “identification method”: as a key, or used for authentication afterwards
2. Focus of article 12: necessary, “identification” in general sense
3. Only identification is mentioned, does not indicate authentication is prohibited
4. Main purpose of the Personal Data Act

Case analysis
Identification and authentication
Is it necessary to differentiate between identification and authentication when regulating biometrics?
- What are the differences between identification and authentication when privacy is concerned?
- What will be the legal value of regulatory differentiation based on such differences?
(Line between identification and authentication)

Sample cases in Norway
Necessity
Data Inspectorate:
The requirement of necessity in the first paragraph will only be fulfilled when other or less accurate identification measures such as name, address or customer number are not sufficient. It is also important to consider the importance of such accurate identification for the user and what kind of consequences a mistake can cause. In addition, social need can also be considered.

Sample cases in Norway
Tysvær: Alternatives, smart card
ESSO: Consent and alternatives
Rema 1000: alternatives and trust, balance interest

Sample cases in Norway
Storage:
Tysvær: encrypted server and sensing device, authentication
ESSO: central database too, live authentication
Rema 1000: local terminal linked to network, identification and authentication
Fitness: local database, identification

Sample cases in Norway
Differentiate between central storage and local storage?
…storage of the biometric data by the data controllers is unfortunate, and should be avoided. Therefore it is unnecessary to differentiate between local or central storage
----Datatilsynet, 2006
Avoiding unnecessary storage: portable token/central storage
Length of storage

Sample cases in Norway
Consent:
It is still uncertain what kind of policy should be adopted concerning the notice and consent requirements in the biometric context
---Datatilsynet, 2006
Informed consent
Possible alternative
Unequal Contract
Suggestion: Grading system
Proportionality and consent

Main findings and Recommendations
Biometric data as a special category of personal data
Article 12 be reformulated.
Proportionality in biometric context: benefits, risks, alternatives, inevitable need, choice of biometrics, storage location and length, purpose, identification and authentication, testing, quality control
Informed consent, grading system

Other information:
Best Practices in Privacy Guidelines:
FIDIS
BITE
PRIME
Article 29 Working Party
CEPS
OECD
European Commission
Thank you for your attention!