EDPB provides input on biometric use in airports

The French Supervisory Authority has sought the European Data Protection Board's opinion on the use of facial recognition technology by airport operators and airline companies for biometric authentication of passengers, with the objective of enhancing passenger flow at airports. The Board underscores that the use of biometric data, particularly facial recognition technology, poses significant risks to the rights and freedoms of individuals. This data type is given special protection under Article 9 of the GDPR. Prior to implementing such technologies, controllers are strongly advised to thoroughly evaluate the impact on individuals' fundamental rights and freedoms, and to consider whether less invasive methods can achieve the intended purpose. The opinion focuses on whether the processing, which aims to streamline passenger flow at security checkpoints, baggage drop-off, boarding, and access to passenger lounges, is compatible with specific articles of the GDPR. This opinion does not provide a complete analysis of the GDPR compliance by the relevant controllers in each case, and it does not address the validity of consent for such processing.


Additionally, this opinion does not override any restrictions on using biometric data established by Member State law. The Board evaluates the processing for compliance with the GDPR provisions in four specific scenarios. In the first scenario, the 'biometric template', which refers to a unique digital representation of an individual's biometric data, is stored on the individual's device and is under their sole control for passenger authentication at airport checkpoints. The Board concludes that the chosen measures are necessary if the controller can demonstrate that there are no less intrusive alternatives. The second scenario involves the centralized storage of an encrypted biometric template within the airport, with the key solely in the passenger's hands for authentication at airport checkpoints. The Board concludes that this processing is necessary if no less intrusive alternatives are available. However, the controllers should justify the retention period for storage limitation. The Board recommends that controllers consider the shortest possible storage period while allowing passengers to set their preferred storage period.

By: WCSF Team
