Privacy chief says biometric concessions not good enough
'Kids and the elderly should be exempted'
Proposed Europe-wide rules governing biometric passports are still unsatisfactory despite some concessions, according to the European Data Protection Supervisor (EDPS).
The European Commission has proposed a revision of EU regulations governing the issuing of passports. The new rules demand that passports contain certain security features involving biometric identifiers in the form of fingerprints.
The EDPS, Peter Hustinx, has reviewed the proposed rules and identified some welcome exemptions, principally for children and the elderly. But he said that the concessions do not go far enough to protect the rights of citizens.
"The fact that the commission took into account the need for fallback procedures, stated in previous opinions, is more than welcomed," said Hustinx. "These exemptions are, however, still unsatisfactory. They fail to address all the possible and relevant issues triggered by the inherent imperfections of biometric systems, and more specifically those related to children and elderly."
The European Council first accepted regulations on biometrics in passports in 2004 and the commission has now proposed amendments to those regulations. Those include exemptions for children under six years old from giving fingerprints, as well as those physically unable to give fingerprints. The EDPS said this was not good enough.
"The proposed six-year age limit should be considered as a provisional one, or brought in line with international practice (14 years)," said the EDPS statement. "After three years, the age limit should be reviewed and defined by an in-depth study which is to identify the accuracy of the systems obtained under real conditions."
The opinion also pointed out that the reliability and accuracy of fingerprints decreases as people get older, and that regulations should take account of this. "An age limit for the elderly, based on similar experiences already in place (79 years), should be introduced as an additional exemption."
Hustinx also recommended to the commission that it investigate the widely divergent practices of obtaining a passport in the first place in the EU member states. So-called breeder documents such as birth certificates and driving licences are used to obtain a passport.
"The passport is only one link of a security chain starting from these "breeder" documents and ending at border check points…this chain will only be as secure as its weakest link," said the EDPS, recommending that the commission harmonise the production of breeder documents.
In his opinion, Hustinx said by law he should have been consulted by the European Commission over the proposals but was not. "The EDPS regrets that the European Commission did not comply with its legal obligation to consult him and expects to be consulted in the future on all proposals falling within the scope of Article28(2)."
That Article is part of a European Regulation which says that the EDPS must be consulted in areas relating to data processing and individuals' rights and freedoms.
Copyright © 2008, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.
Sponsored: 2016 Cyberthreat defense report