Feeds

Privacy chief says biometric concessions not good enough

'Kids and the elderly should be exempted'

Top 5 reasons to deploy VMware with Tegile

Proposed Europe-wide rules governing biometric passports are still unsatisfactory despite some concessions, according to the European Data Protection Supervisor (EDPS).

The European Commission has proposed a revision of EU regulations governing the issuing of passports. The new rules demand that passports contain certain security features involving biometric identifiers in the form of fingerprints.

The EDPS, Peter Hustinx, has reviewed the proposed rules and identified some welcome exemptions, principally for children and the elderly. But he said that the concessions do not go far enough to protect the rights of citizens.

"The fact that the commission took into account the need for fallback procedures, stated in previous opinions, is more than welcomed," said Hustinx. "These exemptions are, however, still unsatisfactory. They fail to address all the possible and relevant issues triggered by the inherent imperfections of biometric systems, and more specifically those related to children and elderly."

The European Council first accepted regulations on biometrics in passports in 2004 and the commission has now proposed amendments to those regulations. Those include exemptions for children under six years old from giving fingerprints, as well as those physically unable to give fingerprints. The EDPS said this was not good enough.

"The proposed six-year age limit should be considered as a provisional one, or brought in line with international practice (14 years)," said the EDPS statement. "After three years, the age limit should be reviewed and defined by an in-depth study which is to identify the accuracy of the systems obtained under real conditions."

The opinion also pointed out that the reliability and accuracy of fingerprints decreases as people get older, and that regulations should take account of this. "An age limit for the elderly, based on similar experiences already in place (79 years), should be introduced as an additional exemption."

Hustinx also recommended to the commission that it investigate the widely divergent practices of obtaining a passport in the first place in the EU member states. So-called breeder documents such as birth certificates and driving licences are used to obtain a passport.

"The passport is only one link of a security chain starting from these "breeder" documents and ending at border check points…this chain will only be as secure as its weakest link," said the EDPS, recommending that the commission harmonise the production of breeder documents.

In his opinion, Hustinx said by law he should have been consulted by the European Commission over the proposals but was not. "The EDPS regrets that the European Commission did not comply with its legal obligation to consult him and expects to be consulted in the future on all proposals falling within the scope of Article28(2)."

That Article is part of a European Regulation which says that the EDPS must be consulted in areas relating to data processing and individuals' rights and freedoms.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.