Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
ABC4Trust: Protecting Privacy in Identity Management by Bringing Privacy-ABCs into Real-Life Read chapter Read first chapter

2015 | OriginalPaper | Chapter

Privacy by Design – The Case of Automated Border Control

Authors : Pagona Tsormpatzoudi, Diana Dimitrova, Jessica Schroers, Els Kindt

Published in: Privacy and Identity Management for the Future Internet in the Age of Globalisation

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Function creep, i.e. when the purpose specification principle is breached, is a major challenge for personal data processing operations. This is especially a clear risk in the field of Identity Management when biometric data are deployed. The concept of privacy by design, set forth in the data protection reform, could, in principle, contribute to mitigating function creep. An implementation is discussed hereunder in relation to Automated Border Control (‘ABC’).

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter A Brief Evaluation of Icons in the First Reading of the European Parliament on COM (2012) 0011
next chapter Patterns in Privacy - A Pattern-Based Approach for Assessments
Footnotes
1
All EU Member States, except the UK, Ireland, Bulgaria, Romania, Cyprus, Croatia, but including 4 non-EU Member States: Iceland, Norway, Liechtenstein and Switzerland.
 
2
The data processed by the Schengen Information System II (Council Decision 2007/533/JHA) on wanted persons and objects, consulted occasionally when EU/EEA/CH cross external borders of the EU, is not subject to Directive 95/46/EC.
 
3
Although the e-Gates in the EU differ in their design and functionality, in general terms they refer to an electronic gate where the border control check is carried out in a self-service manner by the travellers themselves. Normally it is equipped with a travel document reading device and a device for biometric scanning and verification or identification and is connected to the relevant background systems (e.g. for wanted individuals, such as the Schengen Information System II).
 
4
The enumerated programmes are national ABC programmes introduced by the individual Member States and exemplify different implementations of ABC. While both PRIVIUM and PARAFE require a prior registration, in the case of PRIVIUM the biometric data (iris) is stored on a smart card, while in PARAFE the biometrics (fingerprints) are stored on a central database (French citizens do not need to register). No-Q, on the other hand, does not require pre-registration.
 
5
For example: OECD, Digital Identity Management: Enabling Innovation and Trust in the Internet Economy, 2011, describes registration, authorization, authentication, access control and revocation as IdM processes. A. Jøsang divides IdM in the Registration -, Operation - and Termination phase: Identity management and trusted interaction in Internet and mobile computing, IET Information Security, 2014, 8/2, p. 71.
 
6
For example, the European Commission has tabled a proposal for a Registered Traveller Programme that would apply to some Third Country Nationals, who fulfill certain requirements. It is part of the Smart Borders Package, which is currently subject to a feasibility test (study and pilot). As it concerns Third Country Nationals and not EU/EEA/CH citizens, the proposal is outside the scope of this paper. See Proposal for a Regulation of the European Parliament and of the Council establishing a Registered Traveller Programme, COM (2013) 97 final, Brussels, 28.2.2013.
 
7
Another relevant legal concern is, for instance, the question of legality – on what occasions is the comparison of live fingerprints against the chip of the passport allowed (cfr. Opinion of Advocate General in the case of Schwarz (Court of Justice of the European Union: Schwarz, C – 291/12 2013). According to the Advocate General, the fingerprints of EU citizens are to be verified when there is a suspicion as to the whether the passport belongs to the one presenting it but this is at present not officially decided.
 
8
The databases meant here, in the context of EU citizens, are the Schengen Information System (“SIS II”), which can store facial images and fingerprints, relevant national databases which can contain biometric data, as well as national RTP programmes, such as PARAFE in France.
 
9
E.g. a database of registered travellers is cross-matched against a police database on wanted criminals.
 
10
Rubinstein refers to Big Data as the “… more powerful version of knowledge discovery in databases or data mining, which has been defined as ‘the non-trivial extraction of implicit’, previously unknown, and potentially useful info from data”.
 
11
Recital 46 and article 17 of Directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281 31).
 
12
Recital 61 of the European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
 
Literature
Alvaro, A.: Lifecycle data protection management: a contribution on how to adjust the European data protection to the needs of the 21st century. Privacy & Compliance 02-06/2013 (2012)
Andrejevic, M.: Surveillance in the big data era. In: Pimple, K. (ed.) Emerging Pervasive Information and Communication Technologies (PICT) - Ethical Challenges, opportunities and safeguards, pp. 55–69. Springer, Heidelberg (2014)CrossRef
Art. 29 WP: Art. 29 Working Party - The Future of Privacy - Joint Contribution to the Consultation to the European Commission on the legal framework for the fundamental right to protection of personal data (WP168) (2009)
Art. 29 WP: Art. 29 Working Party - Opinion 3/2012 on Development in Biometric Technologies 00720/12/EN (WP193) (2012)
Breebaart, J., Busch, C., Grave, J., Kindt, E.: A reference architecture for biometric; template protection based on pseudo identities. In: Gesellschaft für Informatik (GI): BIOSIG 2008, Proceedings of the Special Interest Group on Biometrics and Electronic Signatures, pp. 25–37. Gesellschaft für Informatik, Bonn (2008)
Cavoukian, A.: Resolution of Privacy by Design. In: 32nd International Conference of Data Protection and Privacy Commissioners, Jerusalem (2010)
Cavoukian, A.: Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario (2011)
Council of the European Union: Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences, O.J. L 218
Council of the EU: Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) [First reading] – Chap. IV, 3rd October 2014
Court of Justice of the European Union: Österreichischer Rundfunk, C-465/00, 138/01, 139/0 (2003)
Court of Justice of the European Union: Schwarz, C – 291/12 (2013)
EDPS: Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision concerning access for consultation of the VIS by the authorities of Member States responsible for internal security and by Europol for the purposes of the prevention, OJ 2006/C97/03 (2006)
EDPS: Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy, OJ C280/01 (2010)
European Commission: Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) 25.1.2012 COM(2012) 11 final (2012)
European Commission: Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EC) No 562/2006 as regards the use of the Entry/Exit System (EES) and the Registered Traveller Programme (RTP), COM (2013) 96 final, 28 February 2013
European Commission: Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of Eurodac for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, O.J. L 180/1-30
FRONTEX: Best Practice Operational Guidelines for Automated Border Control (ABC) Systems, 31 August 2012
Hildebrandt, M.: Slaves to big data. Or Are We? IDP Rev. Internet Derecho y Política 17, 7–26 (2013)CrossRef
ISO/IEC: ISO/IEC 24745/2011, Information Technology - Security Techniques - Biometric Information Protection (2011)
Jacobs, B., Alpár, G.: Credential design in attribute-based identity management. In: 3rd TILTing Perspectives Conference, Tilburg, pp. 189–204 (2013)
Kindt, E.: The use of privacy enhancing technologies. In: Bezzi, M. (ed.) Privacy and Identity Management for Life: 5th IFIP W P9.2 (2010)
Kindt, E.: Best practices for privacy and data protection for the processing of biometric data. In: Campisi, P. (ed.) Security and Privacy in Biometrics. Springer, London (2013a)
Kindt, E.: Privacy and Data Protection Issues of Biometric Applications: A Comparative Legal Analysis. Springer, Heidelberg (2013b)
Koops, B.-J., Bodea, G., Hoepman, J.-H., Leenes, R., Vedder, A.: D3.4 Code as Code Assessment. VIRTUOSO FP7 project (2009)
Koorn, R., van Gilsm, H., ter Hart, J., Overbook, P., Borking, J.: Privacy Enhancing Technologies: White Paper for Decision-Makers. Ministry of Interior and Kingdom Relation, Directorate of Public Secotr Innovation and Information Policy (2004)
Leenes, R., Koops, B.-J.: Privacy Regulation cannot be hardcoded. A Critical Comment on the ‘Privacy by Design’ Provision in Data Protection Law. International Review of Law, Computers and Technology (2013)
Lessig, L.: Code and Other Laws of Cyberspace. Basic Books (2000)
Lodge, J.: Biometrics in Europe: inventory on politico-legal priorities in EU27. Best Network Deliverable D 7.1 (2010)
Mayer-Schönberger, V.: Delete: The Virtue of Forgetting in the Digital Age. Princeton University Press, Princeton (2009)
Mayer-Schöneberger, V., Cukier, K.: Big Data - A Revolution that will transform how we live, work, and think, New York (2013)
OECD: Recommendation on Electronic Authentication and OECD Guidance for Electronic Authentication. OECD (2007)
Polonetsky, O.T.: Privacy in the age of big data: time for big decisions. Stan. Law Rev. 64, 215 (2012)
Ronald Koorn, H.V: Privacy Enhancing Technologies: White Paper for Decision-Makers. Ministry of Interior and Kingdom Relations, Directorate of Public Sector (2004)
Rubinstein, I.: Big data: the end of privacy or a new beginning. Int. Data Priv. Law 3(2), 74 (2013)CrossRef
Wayman, J.: Biometrics in identity management systems. IEEE Secur. Priv. 6(2), 30–37 (2008)CrossRef
Metadata
Title
Privacy by Design – The Case of Automated Border Control
Authors
Pagona Tsormpatzoudi
Diana Dimitrova
Jessica Schroers
Els Kindt
Copyright Year
2015
Book
Privacy and Identity Management for the Future Internet in the Age of Globalisation

Print ISBN: 978-3-319-18620-7

Electronic ISBN: 978-3-319-18621-4

Copyright Year: 2015

DOI
https://doi.org/10.1007/978-3-319-18621-4_10

Premium Partner

    Image Credits