Biometrics and Data Protection

minorbigarmΑσφάλεια

30 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

51 εμφανίσεις

Biometrics and Data Protection



Dr.
Yue

Liu


Forum rettsinformatikk 2011


Agenda


Introduction to Biometric Technology


Privacy Concerns at Different Stages


Major Legal Sources and Crucial Legal
Problems


Sample Cases in Norway


Findings and Recommendations



Introduction to Biometric
Technology



Definition:


The automatic recognition of individuals
based on their behavioural and biological
characteristics

(ISO SC37 Harmonized Biometric
Vocabulary)

Introduction to Biometric
Technology


Behavior:


voice, keystroke, gait, signature…



Physiological

Fingerprint, iris, facial, retina, palm…

DNA?

Not externally observable


Introduction to Biometric
Technology


Verification (authentication):


are you whom you claim to be?


one to one match


Central or decentralized database


Identification:


Who are you?


One to many match


Central database


Introduction to Biometric
Technology


Function process of biometrics

Enrolment







Matching

P
erson

Measuring
Device

Stored
Template

M
atching

Result

P
erson

Measuring
Device

Live
Template

Introduction to Biometric
Technology

EU and Biometric applications


EURODAC


SIS II


VIS


European Biometric Passports


Other: entrance control etc.






Privacy Concerns at Different
Stages



Enrolment :

Quality: FR, FA

purpose, awareness, consent, data, responsibility ,
unnecessary collection, scale, data controllers,



Storage:

How? location central/local token (irreversibility,
link ability, security, cost, responsibility ), PET

What ? raw image/template (health information,

Privacy Concerns at Different
Stages


Matching

Access/user authority


Updating

Spoofing, stolen, security, fallback
procedures

Major Legal

Sources of Data
Protection


OECD Guidelines


EC: Convention 108, Data Protection
Directive
(95/46/EC;97/66/EC;2002/58/EC)


Regulation (EC) No 45/2001


EU: ECHR
-

Marper

case

Crucial Legal Problems

ECHR art 8 (2)


Derogations: public and social interest;
national security


How to apply?


S and
Marper

v. UK

1)
Is there an interference with privacy?

2)
In accordance with the law

3)
Legitimate aim

4)
proportional and margin of appreciation


Crucial Legal Problems


P.G and J.H. v. UK

“private life considerations may arise…once any
systematic or permanent record comes into
existence of such material from the public domain.”



Peck

v. UK


“the relevant moment was viewed to an extent
which far exceeded any exposure to a passer
-
by
or to security observation…and to a degree
surpassing that which the applicant could
possibly have foreseen when he walked in [the
street]”


Crucial Legal Problems


Biometric as personal data
(
anonymization
)



Personal data any information relating to an
identified or identifiable natural person (art2 a)



An identifiable person is one can be identified
directly or indirectly in particular by reference to
an identification number or one or more factors
that specific to his physical, physiological, and
mental(…) identity




Crucial Legal Problems


Biometrics as sensitive personal data


Health indication...which, how


Racial related,


linking and tracking ability.


Context
-
various


Crucial

Legal Problems

it is not sufficient to consider the grading this
data element has been given isolated, one
must also take into account what
information one thereby may connect to the
nexus
-
person. This may provide a basis for
data security deliberation the submission of
the key resents in itself a threat to the
protection of highly sensitive information, an
increased risk of undesired access to
personal information.


----
Bing, 1972 p.107
-
108


Crucial Legal Problems


Principle of proportionality
(art6.8.14.15)


Suitability, necessity and non
-
excessiveness


Balancing test


Least drastic means test


Huber case: effectively applied

-----
nature of purposes, availability and
effectiveness of other alternatives, loss of
data subject, efficacy

Crucial Legal Problems


Principle of proportionality

European organizations’ opinion about
proportionality and biometrics
(consultative committee 108 , WP29,
EDPS)


Crucial

legal problems

Proportionality in biometric context:


Biometric template/raw image


Link with sensitive information


Avoiding unnecessary storage


Adequate, relevant and not excessive


Storage length


Type of biometrics


Assessment of risks


Sample cases in Norway


Principle of proportionality (DPAs)

Article 12 of Personal Data Act of Norway


National identify numbers and other clear means
of identification may only be used in the
processing when there is an objective need for
certain identification and the method is
necessary to achieve such identification.




Sample cases in Norway


Reversed cases


Case1:
Tysvær

Municipality

Case 2:
Esso

Norge



Upheld cases

Case 3:
Rema

1000

Case 4:
Oxigeno

Fitness

Sample cases in Norway

Data
inspectorate:

1.Actual objective need for ensuring identification
and the method is necessary for such
identification

2.Article 8,9 and 11

3. Not meaningful to distinguish raw biometric
image/template

4.Encryption is a measure for security but not
decisive factor


Case

analysis


Identification and authentication

Understanding the article 12.

1.
PVN: interpretation of “identification method”: as a
key, or used for authentication afterwards

2.
Focus of article 12: necessary, “identification” in
general sense

3.
only identification is mentioned, does not indicate
authentication is prohibited

4.
Main purpose of the Personal Data Act


Case
analysis


Identification and authentication

Is it necessary to differentiate the between
identification and authentication when
regulating biometrics?

-

What are the differences between identification
and authentication when privacy is concerned?

-
What will be the legal value of regulatory
differentiation based on such differences?

(Line between identification and authentication )

Sample cases in Norway


Necessity

Data Inspectorate:

The requirement of necessity in the first paragraph
will only be fulfilled when other or less accurate
identification measure such as name, address or
customer number are not sufficient. It is also
important to consider the importance of such
accurate identification for the user and what kind
of consequences a mistake can cause. In addition ,
social need can also be considered
.

Sample cases in Norway



Tysvær
: Alternatives, smart card



ESSO: Consent and alternatives


Rema

1000: alternatives and trust,
balance interest

Sample cases in Norway


Storage:

Tysvær
: encrypted server and sensing
device, authentication

ESSO: central database too, live
authentication

Rema

1000: local terminal linked to
network, identification and authentication

Fitness: local database, identification


Sample cases in Norway


Differ central storage and local storage?

…storage of the biometric data by the data
controllers is unfortunate, and should be
avoided. Therefore it is unnecessary to
differentiate between local or central storage


----
Datatilsynet,2006

Avoiding unnecessary storage: portable
token/central storage

Length of storage

Sample cases in Norway

Consent:

It is still uncertain what kind of policy should be adopted
concerning the notice and consent requirements in the
biometric context


---
Datatilsynet

,2006


Informed consent


Possible alternative


Unequal Contract


Suggestion: Grading system


Proportionality and consent

Main findings and
Recommendations



Biometric data as a special category of
personal data


Article12 be reformulated.


Proportionality in biometric context:
benefits, risks, alternatives, inevitable need,
choice of biometrics, storage location and
length, purpose, identification and
authentication, testing, quality control


Informed consent, grading system

Other information:

Best Practices in Privacy Guidelines:

FIDIS

BITE

PRIME

Article

29
Working

Party

CEPS

OECD

European Commission




Thank you for your attention!



southhopeliu@yahoo.com