Abstract
This chapter starts by identifying the basic principles behind data protection law and showing how these principles might affect the choice or even admissibility of the use of certain types of biometrics. We conclude that currently only data relating to identified or identifiable persons are protected. We will argue that the use of second generation biometrics will have to lead to a re-assessment of this traditional data protection approach. We then focus on the case of biometric profiling: existing legal mechanisms cannot offer European citizens effective protection against it. The latter has led to a call for widening the protection currently granted through the regulation of ‘unsollicited communications’ via the new notion of ‘unsollicited adjustments’. This notion of ‘unsollicited adjustments’ would close a legal loophole allowing a situation in which objects that seemingly have a neutral guiding function, in practice secretly track individuals to surreptitiously adapt their performance based on undisclosed criteria. Second generation biometrics applied in real life situations can lead to forms of profiling that leave some of the rights for individual unprotected. We argue that approaching new phenomena such as profiling with heavy prohibitions may block progress or lead to a situation where the prohibitions are not respected. A more subtle approach will render better results and in the regulation of profiling, opacity (prescriptive rules) and transparency tools (making data handling visible and data handlers accountable) can each have their own role to play. In a normative weighing of privacy and other interests, some intrusions will turn out just to be too threatening for fundamental rights whilst others will be accepted and submitted to the legal conditions of transparency and accountability.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Directive 95/46/EC, Preamble, § 14.
- 2.
Later on, in 2006, the CNIL has issued some ‘unique authorizations’ which permit controllers, if they comply with all requirements, to file a declaration of conformity.
References
Adams, C. 2006. A classification for privacy technologies. University of Ottawa Law and Technology Journal (UOLTJ) 3(1): 35–52.
Albrecht, A. 2003. BIOVISION: D 7.4 Privacy Best Practices in Deployment of Biometric Systems. BIOVISION ROADMAP, oai.cwi.nl/oai/asset/4057/04057D.pdf. Accessed 14 Sept 2010.
Alterman, A. 2003. A piece of yourself: Ethical issues in biometric identification. Ethics and Information Technology (Kluwer) 5: 139–150.
Androunikou, V., D. Demetis, and T. Varvarigou. 2005. Biometric implementations and the implications for security and privacy. Journal of the Future of Identity in the Information Society 1(1): 20–35.
Ashbourn, J. 2005. The social implications of the wide scale implementation of biometric and related technologies. Background paper for the Euroscience Open Forum ESOF (2006), Munich. http://www.statewatch.org/news/2006/jul/biometrics-and-identity-management.pdf. Accessed 14 Sept 2010.
Berthold, S. 2009. Epass. 5.3. In D3.16: Biometrics: PET or PIT? ed. A. Sprokkereef and B.J. Koops. Brussels: FIDIS.
Borking, J. 2008a. Organizational Motives for Adopting Privacy Enhancing Technologies. Data Protection Review, Madrid: DPA.
Borking, J. 2008b. The Business Case for PET and the EuroPrise Seal. Europrise deliverable.
Bray, P. 2004. Ethical aspects of facial recognition systems in public places. Journal of Information Communication and Ethics in Society 2: 97–109.
Bromba, M. 2006. On the Reconstruction of Biometric Raw Data from Template Data. Via http://www.bromba.com/knowhow/temppriv.htm. Accessed 14 Sept 2010.
Brussee, R., L. Heerink, R.E. Leenes, J. Nouwt, M.E. Pekárek, A.C.J. Sprokkereef, and W. Teeuw. 2008. Persoonsinformatie of Identiteit? Identiteitsvaststelling en Elektronische Dossiers in het Licht van Maatschappelijke en Technologische Ontwikkelingen. Telematica Instituut. Report TI/RS/2008/034: 1–98. Enschede: Telematica Instituut.
Cavoukian, A., and A. Stoianov. 2007. Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security and Privacy. Information and Privacy Commissioner’s Office, Ontario.
Charter of Fundamental Rights of the European Union. 2000. Official Journal C 364 (December).
Data Protection Commissioners. 2005. 27th International Conference of Data Protection and Privacy Commissioners, Resolution on the use of biometrics in passports, identity cards and travel documents, Montreux 16 September 2005. http://www.edps.eu.int/legislation/05-09-16_resolution_biometrics_EN.pdf. Accessed 14 Sept 2010.
De Hert, P., and S. Gutwirth. 2006. Privacy, data protection and law enforcement. Opacity of the individual and transparency of the power. In Privacy and the criminal law, ed. E. Claes, A. Duff, and S. Gutwirth, 61–104. Antwerp/Oxford: Intersentia.
De Hert, P., W. Scheurs, and E. Brouwer. 2007. Machine-readable identity documents with biometric data in the EU - part III - Overview of the legal framework. Keesing Journal of Documents and Identity 22: 23–26.
De Hert, P., S. Gutwirth, A. Moscibroda, D. Wright, and G. González Fuster. 2008. Legal Safeguards for Privacy and Data Protection. Working paper series REFGOV-FR-19. http://refgov.cpdr.ucl.ac.be/?go=publications. Accessed 14 Sept 2010.
de Leeuw, E. 2007. Biometrie en Nationaal Identiteitsmanagement. Privacy and Informatie 2(10): 50–56.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal European Communities Legislation L 281 (November).
EBF (European Biometrics Forum). 2007. Security and Privacy in Large Scale Biometric Systems: Seville: JRC/ITPS. http://is.jrc.es/documents/SecurityPrivacyFinalReport.pdf. Accessed 14 Sept 2010.
E.C.J. 2003. 20 May 2003 Österreichischer Rundfunk and others, joint cases, C-138-01, C-139/01 and C-465/00.
E.C.J. 2008. 16 December 2008 Heinz Huber V FRG, C 524/06, Official Journal C44/5 of 21.2.2009.
ECtHR. 1986. Judgment of 24 November 1986 (Gillow vs. The United Kingdom).
ECtHR. 2000. Rotaru vs. Romania, 4 May 2000, appl. no. 28341/95 Reports 2000-V, §§ 43–44.
ECtHR. 2006. Segerstedt-Wiberg and Others v. Sweden, 6 June 2006, Appl. no. 62332/00.
European Commission. 2007. A Fine Balance 2007: Privacy Enhancing Technologies; How to Create a Trusted Information Society. Conference Summary. ftp://ftp.cordis.europa.eu/pub/fp7/ict/docs/security/20080228-pet-final-report_en.pdf. Accessed 14 Sept 2010.
European Data Protection Supervisor (EDPS). 2005. Opinion on VIS, Brussels. http://www.edps.europa.eu/12_en_opinions.htm. Accessed 14 Sept 2010.
Friedrich, E., and U. Seidel. 2006. The introduction of the German e-passport. Biometric passport offers firstclass balance between security and privacy. Keesing Journal of Documents and Identity 16: 2006.
Gasson, M. et al., eds. 2007. Fidis deliverable D.3.2.: A study on PKI and biometrics, www.fidis.net. Accessed 14 Sept 2010.
González Fuster, G., S. Gutwirth, and P. de Hert. 2010. From unsollicited communications to unsollicited adjustments. Redefining a key mechanism for privacy protection. In Data protection in a profiled world, ed. S. Gutwirth, Y. Poullet, and P. De Hert. Berlin: Springer.
Grijpink, J. 2001. Biometrics and privacy. Computer Law and Security Report 17(3): 154–160.
Grijpink, J. 2005. Two Barriers to realizing the benefits of biometrics. Computer Law and Security Report 21(3): 249–256.
Grijpink, J. 2008. Biometrie, Veiligheid en Privacy. Privacy en Informatie 11: 10–14.
Gutwirth, S., and P. De Hert. 2008. Regulating profiling in a democratic constitutional state. In Profiling the European citizen. Cross-disciplinary perspectives, ed. M. Hildebrandt and S. Gutwirth, 271–292. Berlin: Springer Press.
Hes, R., T.F.M. Hooghiemstra, and J.J. Borking. 1999. At face value, on biometrical identification and privacy, Achtergrond Studies en Verkenningen, vol. 15, 1–70. The Hague: Registratiekamer.
Hes, R., et al. 2000. Privacy-enhancing technologies: The path to anonymity, Achtergrond Studies en Verkenningen, vol. 11, 1–60. The Hague: Registratiekamer (Revised Edition).
Hildebrandt, M., and J. Backhouse, eds. 2008. FIDIS Deliverable D7.2.: Descriptive Analysis and Inventory of Profiling Practices. http://www.fidis.net/resources/deliverables/profiling/int-d72000/. Accessed 14 Sept 2010.
Hildebrandt, M., and S. Gutwirth, eds. 2008. FIDIS Deliverable D7.4.: Implications of Profiling on Democracy and the Rule of Law. http://www.fidis.net/resources/deliverables/profiling/int-d74000/. Accessed 14 Sept 2010.
Hornung, G. 2005. Die digitale Identität. Rechtsprobleme von Chipkartenausweisen: Digitaler Personalausweis, elektronische Gesundheitskarte, JobCard-Verfahren. Reihe “Der elektronische Rechtsverkehr”, ed. Roßnagel A., and TeleTrusT Deutschland e.V.,10, Baden-Baden: Nomos Verlagsgesellschaft.
Hornung, G. 2007. The European regulation on biometric passports: Legislative procedures, political interactions, legal framework and technical safeguards. SCRIPT ED 4(3): 246–262.
JRC (Joint Research Centre). 2005. Biometrics at the Frontiers: Assessing the Impact on Society. Technical Report Series, Seville: Institute for Prospective Technological Studies (IPTS).
Kindt, E. 2007a. Biometric applications and the data protection legislation (the legal review and the proportionality test). Datenschutz and Datensicherheit (DuD) 31: 166–170.
Kindt, E. 2007b. FIDIS (Future of Identity in the Information Society) Deliverable 3.10: Biometrics in Identity Management.
Koorn, R., et al. 2004. Privacy enhancing technologies. Witboek voor Beslissers. The Hague: Ministerie van Binnenlandse Zaken.
Levi, M., et al. 2004. Technologies, security, and privacy in the post-9/11 European Information Society. Journal of Law and Society 31(2): 194–200.
Lodge, J., and A. Sprokkereef. 2009. Accountable and transparent E-Security- the Case of British (In) Security, Borders and Biometrics, Challenge. http://www.libertysecurity.org/article2488.html. Accessed 14 Sept 2010.
Neuwirt, K. 2001. Report on the protection of personal data with regard to the use of smart cards. Strassbourg: Council of Europe.
Organisation for Economic Co-operation and Development (O.E.C.D). 2004. Background material on biometrics and enhanced network systems for the security of international travel Working Party on Information Security and Privacy. http://www.oecd.org/dataoecd/16/18/34661198.pdf. Accessed 14 Sept 2010.
Philips, D. 2004. Privacy policy and PETs. New Media and Society 6(6): 691–706.
Petermann, Th., and A. Sauter. 2002. Biometrische Identifikationssysteme Sachstandsbericht, TAB Working report nr 76. http://www.tab.fzk.de/de/projekt/zusammenfassung/ab76.pdf. Accessed 25 Jan 2010.
Rundle, M., and C. Chris. 2007. Ethical Implications of Emerging Technologies: A Survey (UNESCO, Information for All – IFAP). UNESCO, Communication and Information Sector: 1–90.
Sprokkereef, A. 2008. Data protection and the use of biometric data in the EU; in IFIP international federation for information processing. In The future of identity in the information society, vol. 262, ed. S. Fischer Huebner, P. Duquenoy, A. Zaccato, and L. Martucci, 277–284. Boston: Springer.
Sprokkereef, A.C.J., and P.J.A. de Hert. 2007. Ethical practice in the use of biometric identifiers within the EU. Law, Science and Policy 3(2): 177–201.
Sprokkereef, A.C.J., and P.J.A. de Hert, 2009. The use of privacy enhancing aspects of biometrics: Biometrics as PET (privacy enhancing technology) in the Dutch Private and Semi-Public Domain. Tilburg: Tilburg Institute for Law, Technology and Society. http://arno.uvt.nl/show.cgi?fid=93109. Accessed 14 Sept 2010.
Sprokkereef, A., and B.J. Koops, eds. 2009. D3.16: Biometrics: PET or PIT?, Brussels: FIDIS, August 2009, 68 pp. http://www.fidis.net/fileadmin/fidis/deliverables/new_deliverables2/fidis-WP3-del3.16-biometrics-PET-or-PIT.PDF. Accessed 14 Sept 2010.
SSN (Surveillance Studies Network). 2006. A Report on the Surveillance Society - For the Information Commissioner by the Surveillance Studies Network, London: Information Comissioner (Full Report). http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/surveillance_society_full_report_2006.pdf
Tavani, H., and J. Moor. 2001. Privacy protection, control of information, and privacy-enhancing technologies. Computers and Society 31(1): 6–11.
Thomas, R. 2008. The UK Information Commissioner: On funding in evidence to the House of Commons Justice Committee on the Protection of Personal Data Report, H of C Justice Committee report: Protection of Private Data, HC 154 January 2008.
Turle, M. 2007. Freedom of information and data protection law: A conflict or a reconciliation? Computer Law and Security Report 23: 514–522.
Tuyls, P., et al. (eds.). 2007. On private biometrics, secure key storage and anti-counterfeiting. Boston: Springer.
van der Ploeg, I. 1999. The illegal body: ‘Eurodac’ and the politics of biometric identification. Ethics and Information Technology 1(4): 295–302.
van der Ploeg, I. 2002. Biometrics and the body as information, normative issues of the socio-technical coding of the body (chapter 3). In Surveillance as social sorting: Privacy, risk, and digital discrimination, 57–73. New York: Routledge.
Wayman, J. 2006. Linking persons to documents with biometrics. Biometric systems from the 1970s to date. Keesing Journal of Documents & Identity (16): 15ff.
WP29 (Article 29 Working Party). 2003. Working document on biometrics 12168/02, 1.8.2003 and 11224/04.
WP29 (Article 29 Working Party). 2007. Opinion 4/2007 on the concept of personal data, 20 June 2007.
Zorkadis, V., and P. Donos. 2004. On biometrics-based authentication from a privacy-protection perspective – Deriving privacy-enhancing requirements. Information Management and Computer Security 12: 125–137.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Sprokkereef, A., de Hert, P. (2012). Biometrics, Privacy and Agency. In: Mordini, E., Tzovaras, D. (eds) Second Generation Biometrics: The Ethical, Legal and Social Context. The International Library of Ethics, Law and Technology, vol 11. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-3892-8_4
Download citation
DOI: https://doi.org/10.1007/978-94-007-3892-8_4
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-3891-1
Online ISBN: 978-94-007-3892-8
eBook Packages: Humanities, Social Sciences and LawPhilosophy and Religion (R0)