An overview of the European approach to the cross-jurisdictional and societal aspects of biometrics

Similar documents
European Union Passport

EU Settlement Scheme Briefing information. Autumn 2018

ICAO: THE TECHNICAL ADVISORY GROUP FOR MACHINE READABLE TRAVEL DOCUMENTS

IMMIGRATION, ASYLUM AND NATIONALITY ACT 2006 INFORMATION FOR CANDIDATES

INVESTING IN AN OPEN AND SECURE EUROPE Two Funds for the period

Fertility rate and employment rate: how do they interact to each other?

New technologies applied to travel facilitation airport controls and visa issuance

2. The table in the Annex outlines the declarations received by the General Secretariat of the Council and their status to date.

Factsheet on rights for nationals of European states and those with an enforceable Community right

CLASSIFICATION/CATEGORISATION SYSTEMS IN AGENCY MEMBER COUNTRIES

The Markets for Website Authentication Certificates & Qualified Certificates

Identification of the respondent: Fields marked with * are mandatory.

WALTHAMSTOW SCHOOL FOR GIRLS APPLICANTS GUIDE TO THE PREVENTION OF ILLEGAL WORKING

IMMIGRATION, ASYLUM AND NATIONALITY ACT 2006 INFORMATION FOR CANDIDATES

Size and Development of the Shadow Economy of 31 European and 5 other OECD Countries from 2003 to 2013: A Further Decline

Q&A on the European Citizens' Initiative

Work and residence permits and business entry visas

UNDER EMBARGO UNTIL 9 APRIL 2018, 15:00 HOURS PARIS TIME

Use of Identity cards and Residence documents in the EU (EU citizens)

European patent filings

Ad-Hoc Query on Implementation of Council Regulation 380/2008. Requested by FI EMN NCP on 10 th September 2009

The benefits of a pan-european approach: the EU and foreign perspective from the Netherlands point of view

8193/11 GL/mkl 1 DG C I

IMMIGRATION IN THE EU

ELIGIBLITY TO WORK IN THE UK CHECKLIST

TULIP RESOURCES DOCUMENT VERIFICATION FOR ALL EMPLOYEES FEBRUARY 2013

Frequently Asked Questions: Electronic System for Travel Authorization (ESTA)

Proposal for a new repartition key

1. Why do third-country audit entities have to register with authorities in Member States?

SSSC Policy. The Immigration Asylum and Nationality Act Guidelines for Schools

112, the single European emergency number: Frequently Asked Questions

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN AUGUST 2015

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN AUGUST 2016

Data Protection in the European Union: the role of National Data Protection Authorities Strengthening the fundamental rights architecture in the EU II

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN MAY 2017

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN MARCH 2016

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN FEBRUARY 2017

MINISTERIAL DECLARATION

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

The evolution of turnout in European elections from 1979 to 2009

COMMISSION DECISION. of

Global Harmonisation of Automotive Lighting Regulations

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN SEPTEMBER 2015

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN DECEMBER 2016

Applying for studies in the Karol Szymanowski Academy of Music in Katowice on terms applicable to Polish citizens

Visa issues. On abolition of the visa regime

I m in the Dublin procedure what does this mean?

N.U.in England Visa Guide Supplement 2018

Prevention of Illegal Working Guidance on the Immigration, Asylum and Nationality Act 2006

PERSONAL DATA PROTECTION PRIVACY INFORMATION FOR THE CITIZENS ON THE RIGHT TO PERSONAL DATA PROTECTION

IPEX STATISTICAL REPORT 2014

Release Authorization for an International Background Check

Fee Status Assessment Questionnaire

Ad-Hoc Query on Directive 2004/38/EO. Requested by BG EMN NCP on 26 July Compilation produced on 03 October 2011

Enrolment Policy. PART 1 British/Domestic Students

EU Settlement Scheme

INDIA-EU DIALOGUE ON MIGRATION AND MOBILITY

Introduction to the European Agency. Cor J.W. Meijer, Director. European Agency for Development in Special Needs Education

COMMISSION IMPLEMENTING DECISION. of

Migration information Center I Choose Lithuania

SPINAL INJURIES ASSOCIATION

Postings under Statutory Instrument and Bilateral Agreements

Conducting a Compliant Right to Work Check Contents

Timeline of changes to EEA rights

Territorial indicators for policy purposes: NUTS regions and beyond

ENISA Workshop December 2005 Brussels. Dr Lorenzo Valeri & Neil Robinson, RAND Europe

THE UNIVERSITY OF SUSSEX

Ad-Hoc Query on Residence Permit Cards. Requested by FI EMN NCP on 4 th May Compilation produced on 27 th September 2012

TISPOL PERSPECTIVES TO THE EUROPEAN ROAD SAFETY HOW TO SAVE LIVES AND REDUCE INJURIES ON EUROPEAN ROADS?

VISA POLICY OF THE REPUBLIC OF KAZAKHSTAN

Visas and volunteering

Fieldwork: November December 2010 Publication: June

PORTUGAL THE GOLDEN VISA PROGRAMME. Frequently Asked Questions

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

UAE E Visa Information

Extended Findings. Finland. ecfr.eu/eucoalitionexplorer. Question 1: Most Contacted

Improving the accuracy of outbound tourism statistics with mobile positioning data

Ad-hoc query on fingerprint biometry and facial image in identity documents. Requested by EE EMN NCP on 19 th February 2014

Fact Sheet: Electronic System for Travel Authorization (ESTA)

The life of a patent application at the EPO

THE RECAST EWC DIRECTIVE

Delegations will find attached Commission document C(2008) 2976 final.

Asylum Trends. Appendix: Eurostat data

Asylum Trends. Appendix: Eurostat data

Equality between women and men in the EU

Asylum Trends. Appendix: Eurostat data

Asylum Trends. Appendix: Eurostat data

The EU Visa Code will apply from 5 April 2010

CONSUMER PROTECTION IN EU ONLINE GAMBLING REGULATION

RIGHT TO WORK GUIDELINES

EU Regulatory Developments

Europe in Figures - Eurostat Yearbook 2008 The diversity of the EU through statistics

Right to Work in the UK Policy Contents

The State of Europe (with reference to RUC)

Applying for a Schengen visa

Questions Based on this background, the Norwegian Directorate of Immigration (UDI) would like you to respond to the following questions: 1 of 11

EU Breakdown of number of cases registered and number of articles seized by product type Number of cases registered by Customs %

Factual summary Online public consultation on "Modernising and Simplifying the Common Agricultural Policy (CAP)"

On aid orphans and darlings (Aid Effectiveness in aid allocation by respective donor type)

The diversity of Agricultural Advisory Services in Europe

Transcription:

An overview of the European approach to the cross-jurisdictional and societal aspects of biometrics Mario Savastano Senior Researcher IBB / National Research Council of Italy DIEL Federico II University of Napoli Convenor ISO/IEC JTC1 SC37 WG6 on Cross-jurisdictional and societal aspects of biometrics mario.savastano@unina.it

Biometrics has a long tradition in Italy The Mouth of Truth (year 400 BC) is probably the first hand sensor of the history. According to popular belief it was said that any one putting his hand in this mouth and swearing falsely, could not withdraw it

The evolution of the Mouth of Truth

Main points of the presentation 1. Introduction to the non technical aspects of biometrics 2. Some considerations on Privacy & biometrics in EU 3. The activity of the ISO/IEC JTC1 SC37 Biometrics WG6 on Cross-jurisdictional and societal aspects 4. Cross-relations between the ISO Special Working Group on accessibility (SWGA) and SC37 5. Conclusions

1. Non-technical aspects of biometrics The solution of non technical problems represents probably the real challenge that biometrics has to face A small increase of accuracy requires a tremendous technological effort A non - cooperative user may give rise to a significant decrease of accuracy in real conditions A negative opinion of a Data Protection Commission may even switch off an application

Pentakis

Some non-technical parameters influencing the performances

1.1 Some of the non-technical aspects of biometrics Medical issues Direct implications (potential threat to the body) and indirect implications (potential disclosure of medical information in consequence of a biometric process) Privacy compliance Data protection in the several phases of the biometric procedures Accessibility Management of the physical, mental and biometric temporal or permanent disabilities in the biometric process

1.2. Medical issues The users of a biometric system would like be sure that: The system is absolutely not harmful for the body Under every circumstance it is not possible to disclose medical data in the biometric process These two issues are relatively easy to satisfy Sometimes, the information is not clear The vendor could highlight the compliance of the biometric unit with safety standards

2. Privacy

2.1 Privacy & biometrics in EU Actually, at the European level, there is a certain lack of clarity in the definition of the biometric applications allowed in terms of compliance with national Data Protection Commissions rules e.g. time & Attendance or urban biometric surveillance On the other hand, a certain fluidity should be recognized since the Data Protection Commissions seem to be flexible, in general terms, in considering the technological evolution Video surveillance Biometrics RFID (coming soon..)

2.2 Art. 29 D. P. Working Party: a point of reference for biometrics & privacy Members from: Belgium - Czech Republic -Denmark-Germany- Greece -Spain-France-Ireland-Italy- Hungary - Cyprus - Latvia- Lithuania - Luxembourg - Malta- Netherlands -Austria-Poland-Portugal-Slovenia- Slovakia -Finland-Sweden-United Kingdom

2.3 Art. 29 D. P. Working Party s primary objectives To promote the uniform application of the general principles of the Directives in all Member States through cooperation between data protection supervisory authorities. To advise the Commission on any Community measures affecting the rights and freedoms of natural persons with regard to the processing of personal data and privacy. To make recommendations to the public at large, and in particular to Community institutions on matters relating to the protection of persons with regard to the processing of personal data and privacy in the European Community.

2.4 Some Art. 29 s documents concerning biometrics Proposal for a Council Regulation on standards for security features and biometrics in EU citizens passports (11/2004) Opinion No 7/2004 on the inclusion of biometric elements in residence permits and visas taking account of the establishment of the European information system on visas (VIS) Working document on biometrics (08/2003)

2.5 12168/02/EN WP 80 Working Document on Biometrics (08/03) The purpose of the present document is to contribute to the effective and homogenous application of the national provisions on data protection adopted in compliance with Directive 95/46/EC (*) upon biometric systems the Working Party intends to provide uniform European guidelines, particularly for the biometric systems industry and users of such technologies (*) protection of individuals with regard to the processing of personal data and on the free movement of such data

2.6 Some relevant points of the working Document on Biometrics (08/03) the templates can be stored in one of the following ways: a) in the memory of a biometric device ; b) in a central database ; c) in plastic cards, optical cards or smart cards. This method of storage enables the users to carry their templates with them as identification devices. In principle, it is not necessary for the purposes of authentication/verification to store the reference data in a database; it is sufficient to store the personal data in a decentralised way

2.7 Some relevant points of the working Document on Biometrics (08/03) Principle of purpose and proportionality personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. In addition, personal data must be adequate, relevant and not excessive in relation to the purposes for which they are collected and further processed (purpose principle). The respect of this principle implies firstly a clear determination of the purpose for which the biometric data are collected and processed. Furthermore, an evaluation of the respect for proportionality and the respect for legitimacy is necessary, taking into account the risks for the protection of fundamental rights and freedoms of individuals and notably whether or not the intended purpose could be achieved in a less intrusive way (introduction the concept of the NECESSITY)

2.8 Some relevant points of the working Document on Biometrics (08/03) For access control purposes (authentication/verification), the Working Party is of the opinion that biometric systems related to physical characteristics which do not leave traces (e.g. shape of the hand but not fingerprints) or biometrics systems related to physical characteristics which leave traces but do not rely on the memorisation of the data in the possession of someone other than the individual concerned (in other words, the data is not memorised in the control access device or in a central data base) create less risks for the protection for fundamental rights and freedoms of individuals. Several Data Protection Authorities have endorsed this view stating that biometrics should preferably not be stored in a database but rather only in an object exclusively available to the user, like a microchip card, a mobile phone, a bank card. In other words, authentication/verification applications which can be carried out without a central storage of biometric data should not implement excessive identification techniques

2.9 The consequences France The French CNIL has refused the use of fingerprints in the case of access by children to a school restaurant; Portugual The Portuguese data protection authority has recently issued an unfavourable decision concerning the use of a biometric system (fingerprint) by a university to control the assiduity and punctuality of the non-teaching staff. Italy Regulations for the use of biometrics in banks (2001) Limitation of the use of biometrics - different cases (2004) Opinion for the use of biometrics for time & attendance applications (2005) Greece Block (operated by the Greece's national Data Protection Authority) of a biometric project intended to acquire biometric identifiers of passengers on international flights (2003)

2.10 Summary Main point of biometrics and privacy in Europe Purpose Proportionality Necessity Try to avoid (where possible) a centralized database Protect the flow of the data (cryptography)

2.11 Essentials of biometrics and privacy in Europe In Europe there must be a robust motivation for the use of biometrics in the private sector The application should be characterized by a consistent degree of sensitivity Some necessity motivations should support the installation of a biometric control Confirmed case of irregular access due: Inappropriate use in consequence of a theft Inappropriate use in consequence of a voluntary exchange of badge

2.12 Privacy & biometrics in EU and US In some cases the US legislation about privacy & biometrics seems less restrictive than the European. This is not always true In Italy the new ID card will have on board biometrics In Italy is allowed the acquisition of fingerprint for accessing the banks

2.13 A special test In the early applications of the biometrics in banks, the fingerprint sensors did not make a quality control on the images acquired Some clients were using the palm (instead of fingerprints) Other ones were using Hot Dogs

2.12 Privacy & biometrics: the necessity of a global approach New international large scale programs will require a strict collaboration among Data Protection Commissions and experts in biometrics at an international level e.g. travel documents equipped with biometric identifiers Passports Seafarer s cards.. It should be wise to create a joint international working group for the global harmonization of the rules in terms of privacy & biometrics

3. ISO/IEC JTC1 SC37 Biometrics Scopes Standardization of generic biometric technologies pertaining to human beings to support interoperability and data interchange among applications and systems. Generic human biometric standards include: Common file frameworks Biometric application programming interfaces Biometric data interchange formats Related biometric profiles Application of evaluation criteria to biometric technologies Methodologies for performance testing and reporting Cross jurisdictional and societal aspects

3.2 WG 6 s Terms of Reference Standardization in the field of cross-jurisdictional and societal aspects in the application of ISO/IEC biometrics standards. Within this context, the terms of reference includes the support of design and implementation of biometric technologies with respect to: accessibility health and safety support of legal requirements and acknowledgement of cross-jurisdictional and societal considerations pertaining to personal information Specification and assessment of government policy are excluded from the scope of WG6

4. The ISO SWGA and SC37 The Resolution 24 of the nineteenth Meeting of ISO/IEC JTC1 (25-29 October 2004 in Berlin, Germany) has established a Special Working Group on Accessibility (SWG-A) - ISO/IEC JTC 1 N7688 Accessibility is one of the terms of reference of ISO / IEC JTC1 SC37 WG6 The resolution 4 of the adopted by WG6 during the ISO/IEC JTC1 SC 37 working Groups meeting of Paris (November 2004) has instructed the Convenor to express to SWG-A the interest of WG6 in its activities

4.1 Accessibility & biometrics Accessibility in biometrics has two aspects: Problems concerning disabled people Problems concerning infants and elderly users Both may encounter difficulties to correctly enroll and verify Large international projects (such as new electronic travel documents) have to keep these accessibility issues into the right perspective

4.2 Accessibility & biometrics Also in biometrics a sort golden window may be identified in the age of the users in which it is possible to obtain the best performances

4.3 Some classical accessibility problems in biometrics Absent, non usable or unstable physical body parts or behavioral features required for the correct operation of a biometric technique Inability to access, or difficulty in accessing the biometric sensor or user terminal Inability to understand the instructions, or recall the correct procedures

4.4 Some accessibililty points addressed in WG6 A biometric system should be easily accessible to all subjects and should not disadvantage any subject The operator/designer should take into account disabilities, inabilities and problems of subjects operating a system

5. Conclusions An international coordination is needed to approach the problem of non-technical issues in biometrics, with particular reference to privacy issues The collaboration between US to EU in terms of trying to harmonize privacy issues in biometrics, should be enhanced ISO/IEC JTC1 WG6 may represent the incubator to attempt global harmonization into a wider international framework Australia, Canada, France, Germany, Italy, Japan, Korea, Norway, RSA, Russia, UK, US

A strange examination FALSE DOCTOR NEW IRIS CAMERA FALSE PATIENT (DATA PROTECTION COMMISIONER)

An overview of the European approach to the cross-jurisdictional and societal aspects of biometrics Mario Savastano Senior Researcher IBB / National Research Council of Italy DIEL Federico II University of Napoli Convenor ISO/IEC JTC1 SC37 WG6 on Cross-jurisdictional and societal aspects of biometrics mario.savastano@unina.it Thanks for the attention!

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback