Biometrics and Data Protection

Dr. Yue Liu Forum rettsinformatikk 2011

Agenda
- Introduction to Biometric Technology
- Privacy Concerns at Different Stages
- Major Legal Sources and Crucial Legal Problems
- Sample Cases in Norway
- Findings and Recommendations

Introduction to Biometric Technology

Definition: The automatic recognition of individuals based on their behavioural and biological characteristics (ISO SC37 Harmonized Biometric Vocabulary)

Introduction to Biometric Technology
- Behavior: voice, keystroke, gait, signature…
- Physiological: fingerprint, iris, facial, retina, palm…
- DNA? Not externally observable

Introduction to Biometric Technology
- Verification (authentication):
  ◦ Are you whom you claim to be?
  ◦ One to one match
  ◦ Central or decentralized database
- Identification:
  ◦ Who are you?
  ◦ One to many match
  ◦ Central database

Introduction to Biometric Technology
Function process of biometrics
- Enrolment: Person → Measuring Device → Stored Template
- Matching: Person → Measuring Device → Live Template; Stored Template + Live Template → Matching → Result
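The verification and identification modes and the enrolment/matching flow outlined above, as an added example that is not part of the original slides. Templates are constructed bit-strings compared by Hamming distance; `capture`, `THRESHOLD`, the names and the token/central-database layout are illustrative assumptions. It shows that verification needs only the one template a person presents (which can sit on a token they hold), while identification must search every enrolled template.

```python
import random

TEMPLATE_BITS = 256
THRESHOLD = 0.25  # assumed: maximum fraction of differing bits accepted as a match

def capture(person, capture_no, noise=0.05):
    """Stand-in for the measuring device. The person's trait is a constructed
    bit-string; each capture flips a few bits, as real sensors never repeat exactly."""
    trait = random.Random(person)
    sensor = random.Random(f"{person}/{capture_no}")
    return [trait.getrandbits(1) ^ (sensor.random() < noise)
            for _ in range(TEMPLATE_BITS)]

def distance(a, b):
    """Fraction of differing bits between two templates."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def enrol(person, store):
    """Enrolment: Person -> Measuring Device -> Stored Template."""
    store[person] = capture(person, 0)

def verify(stored_template, live_template):
    """Verification (1:1): compare the live template with the single claimed template."""
    return distance(stored_template, live_template) <= THRESHOLD

def identify(central_db, live_template):
    """Identification (1:N): search all enrolled templates.
    Returns (best matching name or None, number of templates compared)."""
    best, d = min(((n, distance(t, live_template)) for n, t in central_db.items()),
                  key=lambda pair: pair[1], default=(None, 1.0))
    return (best if d <= THRESHOLD else None, len(central_db))

def demo():
    central_db = {}
    for person in ("alice", "bob", "carol"):  # constructed sample population
        enrol(person, central_db)
    token = capture("alice", 0)  # decentralized storage: the card holds only Alice's template
    live_alice = capture("alice", 1)
    live_mallory = capture("mallory", 1)  # never enrolled
    return {
        "verify_alice_with_token": verify(token, live_alice),
        "verify_mallory_with_alice_token": verify(token, live_mallory),
        "identify_alice": identify(central_db, live_alice),
        "identify_unenrolled": identify(central_db, live_mallory),
    }

if __name__ == "__main__":
    print(demo())
```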

Introduction to Biometric Technology
EU and Biometric applications
- EURODAC
- SIS II
- VIS
- European Biometric Passports
- Other: entrance control etc.

Privacy Concerns at Different Stages

- Enrolment:
  ◦ Quality: FR, FA
  ◦ purpose, awareness, consent, data, responsibility, unnecessary collection, scale, data controllers,
- Storage:
  ◦ How? location central/local token (irreversibility, linkability, security, cost, responsibility), PET
  ◦ What? raw image/template (health information,

Privacy Concerns at Different Stages
- Matching
- Access/user authority
- Updating
- Spoofing, stolen, security, fallback procedures

Major Legal Sources of Data Protection
- OECD Guidelines
- EC: Convention 108, Data Protection Directive (95/46/EC; 97/66/EC; 2002/58/EC)
- Regulation (EC) No 45/2001
- EU: ECHR - Marper case

Crucial Legal Problems
- ECHR art 8 (2)
- Derogations: public and social interest; national security
- How to apply?
- S and Marper v. UK
  1) Is there an interference with privacy?
  2) In accordance with the law
  3) Legitimate aim
  4) Proportional and margin of appreciation

Crucial Legal Problems
- P.G and J.H. v. UK
  “private life considerations may arise…once any systematic or permanent record comes into existence of such material from the public domain.”
- Peck v. UK
  “the relevant moment was viewed to an extent which far exceeded any exposure to a passer-by or to security observation…and to a degree surpassing that which the applicant could possibly have foreseen when he walked in [the street]”

Crucial Legal Problems
Biometric as personal data (anonymization)
  ◦ Personal data: any information relating to an identified or identifiable natural person (art 2 a)
  ◦ An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identification number or one or more factors that are specific to his physical, physiological, and mental (…) identity

Crucial Legal Problems
Biometrics as sensitive personal data
  ◦ Health indication... which, how
  ◦ Racial related
  ◦ Linking and tracking ability
  ◦ Context-various

Crucial Legal Problems
it is not sufficient to consider the grading this data element has been given isolated, one must also take into account what information one thereby may connect to the nexus-person. This may provide a basis for data security deliberation the submission of the key resents in itself a threat to the protection of highly sensitive information, an increased risk of undesired access to personal information.

----Bing, 1972 p.107-108

Crucial Legal Problems
Principle of proportionality (art 6, 8, 14, 15)
  ◦ Suitability, necessity and non-excessiveness
  ◦ Balancing test
  ◦ Least drastic means test
  ◦ Huber case: effectively applied

-----nature of purposes, availability and effectiveness of other alternatives, loss of data subject, efficacy

Crucial Legal Problems
Principle of proportionality
- European organizations’ opinion about proportionality and biometrics (Consultative Committee 108, WP29, EDPS)

Crucial legal problems

Proportionality in biometric context:
  ◦ Biometric template/raw image
  ◦ Link with sensitive information
  ◦ Avoiding unnecessary storage
  ◦ Adequate, relevant and not excessive
  ◦ Storage length
  ◦ Type of biometrics
  ◦ Assessment of risks

Sample cases in Norway
Principle of proportionality (DPAs)
Article 12 of Personal Data Act of Norway

National identity numbers and other clear means of identification may only be used in the processing when there is an objective need for certain identification and the method is necessary to achieve such identification.

Sample cases in Norway
- Reversed cases
  ◦ Case 1: Tysvær Municipality
  ◦ Case 2: Esso Norge
- Upheld cases
  ◦ Case 3: Rema 1000
  ◦ Case 4: Oxigeno Fitness

Sample cases in Norway

Data inspectorate:
1. Actual objective need for ensuring identification and the method is necessary for such identification
2. Article 8, 9 and 11
3. Not meaningful to distinguish raw biometric image/template
4. Encryption is a measure for security but not decisive factor

Case analysis
Identification and authentication
Understanding the article 12.

1. PVN: interpretation of “identification method”: as a key, or used for authentication afterwards

2. Focus of article 12: necessary, “identification” in general sense

3. only identification is mentioned, does not indicate authentication is prohibited

4. Main purpose of the Personal Data Act

Case analysis
Identification and authentication
Is it necessary to differentiate between identification and authentication when regulating biometrics?

- What are the differences between identification and authentication when privacy is concerned?

- What will be the legal value of regulatory differentiation based on such differences?

(Line between identification and authentication )

Sample cases in Norway
Necessity
Data Inspectorate:
The requirement of necessity in the first paragraph will only be fulfilled when other or less accurate identification measures such as name, address or customer number are not sufficient. It is also important to consider the importance of such accurate identification for the user and what kind of consequences a mistake can cause. In addition, social need can also be considered.

Sample cases in Norway
- Tysvær: Alternatives, smart card
- ESSO: Consent and alternatives
- Rema 1000: alternatives and trust, balance interest

Sample cases in Norway
Storage:
- Tysvær: encrypted server and sensing device, authentication
- ESSO: central database too, live authentication
- Rema 1000: local terminal linked to network, identification and authentication
- Fitness: local database, identification

Sample cases in Norway
Differ central storage and local storage?

…storage of the biometric data by the data controllers is unfortunate, and should be avoided. Therefore it is unnecessary to differentiate between local or central storage

----Datatilsynet,2006

Avoiding unnecessary storage: portable token/central storage

Length of storage

Sample cases in Norway

Consent:
It is still uncertain what kind of policy should be adopted concerning the notice and consent requirements in the biometric context

---Datatilsynet ,2006

- Informed consent
- Possible alternative
- Unequal Contract
- Suggestion: Grading system
- Proportionality and consent

Main findings and Recommendations
- Biometric data as a special category of personal data
- Article 12 be reformulated.
- Proportionality in biometric context: benefits, risks, alternatives, inevitable need, choice of biometrics, storage location and length, purpose, identification and authentication, testing, quality control
- Informed consent, grading system

Other information:

Best Practices in Privacy Guidelines:

- FIDIS
- BITE
- PRIME
- Article 29 Working Party
- CEPS
- OECD
- European Commission

Thank you for your attention!
