EDPB provides input on biometric use in airports

 The French Supervisory Authority has sought the European Data Protection Board's opinion on the use of facial recognition technology by airport operators and airline companies for biometric authentication of passengers, with the objective of enhancing passenger flow at airports. The Board underscores that the use of biometric data, particularly facial recognition technology, poses significant risks to the rights and freedoms of individuals. This data type is given special protection under Article 9 of the GDPR. Prior to implementing such technologies, controllers are strongly advised to thoroughly evaluate the impact on individuals' fundamental rights and freedoms, and to consider if less invasive methods can achieve the intended purpose. The focus of this opinion is on the compatibility of the processing with specific articles of the GDPR, with the aim of streamlining passenger flow at airports at security checkpoints, baggage drop-off, boarding, and access to passenger lounges. This opinion does not provide a complete analysis of the GDPR compliance by the relevant controllers in each case, and it does not address the validity of consent for such processing.


Additionally, this opinion does not override any restrictions on using biometric data established by Member State law. The Board evaluates the processing for compliance with the GDPR provisions in four specific scenarios. In the first scenario, the 'biometric template ', which refers to a unique digital representation of an individual's biometric data, is stored on the individual's device and is under their sole control for passenger authentication at airport checkpoints. The Board concludes that the chosen measures are necessary if the controller can demonstrate that there are no less intrusive alternatives. The second scenario involves the centralized storage of an encrypted biometric template within the airport, with the key solely in the passenger's hands for authentication at airport checkpoints. The Board concludes that this processing is necessary if no less intrusive alternatives are available. However, the controllers should justify the retention period for storage limitation. The Board recommends that controllers consider the shortest possible storage period while allowing passengers to set their preferred storage period.

By: WCSF Team

Comments

Post a Comment

Popular posts from this blog

The Digital Personal Data Protection Act, 2023 of India: Everything you shall know

Digital Personal Data Protection Bill, 2023   “ Privacy is not an option, and it shouldn't be the price we expect for just getting on the internet ” ~ Gary Kovacs.   The Digital Personal Data Protection Act (DPDP), 2023, has marked a significant turning point in India’s quickly changing digital environment. The landmark judgment [1] of K.S Puttswamy vs Union of India paved the way for the legislation on data privacy. The Act has inverted the asymmetry that existed with the IT Act of 2000 and empowers the citizens/customers of modern-day India against big social media platforms, corporate houses, and other entities that collect consumer information. It gives them the right to choose the information they would want to provide to these entities, which did not exist with the IT Act of 2000, thus addressing the issue of data privacy a step further and holding these entities accountable in case of Breach of any of the guidelines mentioned in the Act.   Some salient features Pro
Read more

Data Privacy at Stake: The Controversy Around Targeted Advertising in India

Targeted or Behavioral Advertising is a powerful tool designed to provide internet users with highly personalized digital advertisements, analyzing their online actions, preferences, and demographics. Its popularity surges in India as the nation's digital economy expands and online engagement grows. By 2023, YouTube had emerged as India's leading platform for targeted advertising, with studies indicating its potential to boost brand awareness by up to 20% and lead generation by up to 30%. Esteemed companies like Flipkart, HDFC Bank, and Amazon have embraced this strategy, directing ads toward users interested in specific products or services on their websites. In India's dynamic digital landscape, where targeted advertising has become the cornerstone of marketing strategies, the answers to the following critical questions hold profound implications for consumers and businesses. a) Is targeted advertising user-friendly and secure? b)Where does the company/organization distin
Read more

Revised OECD AI Principles Address Emerging Challenges

The OECD (Organization for Economic Cooperation and Development) recently updated its AI Principles to address the rapid development of AI, particularly general-purpose and generative AI. These updated principles ensure AI is used responsibly and ethically while promoting innovation and economic growth. Here's a summary of the key points : Focus on emerging challenges:  The revisions address privacy, intellectual property, safety, and information integrity in the context of new AI advancements. Global impact:   With 47 members, including the EU, the OECD AI Principles serve as a blueprint for international AI policy frameworks. The updated AI Principles: It strike a delicate balance between fostering innovation and  upholding  ethical standards, advocating  for  trustworthy AI that respects human rights and democratic values. Rapid AI development:  The OECD reports significant growth in AI investment, skills demand, and adoption by large firms. The global policy focus  on   AI: It
Read more