Recommendation on the Use of Biometric Technology
Biometric technology is based on the use of information linked to individuals. Hence, privacy and security in biometric applications becomes a concern and the need to assess such applications thoroughly becomes equally important. Guidelines for application of biometric technology must ensure a positive impact on both security and privacy. Based on two cases of biometric application, which have been assessed by the Danish Data Protecting Agency, this chapter present a set of recommendations to legislators, regulators, corporations and individuals on the appropriate use of biometric technologies put forward by the Danish Board of Technology. The recommendations are discussed and compared to the similar proposal put forward by the European Article 29 Data Protection Working Party.
KeywordsBiometric Data Biometric System Biometric Feature Function Creep Biometric Template
Each year the Danish Board of Technology carries out a debate-creating IT security project for the Ministry of Science, Technology and Innovation. The Directors of the Board of Technology have in conjunction with the Danish IT and Telecom Agency decided to implement a technology assessment of biometry as the 2009 project. The project aims to assess the benefits and challenges introduced by the proliferation of biometric technologies.
To illustrate this, the Board of Technology has established a multidisciplinary working group. The working group was lead by Project Manager, Jacob Skjødt Nielsen and Project Officer, Peter Lemcke Frederiksen from the Danish Board of Technology and included experts from civil society (Anette Høyrup, Danish Consumer Council), law (Charlotte Bagger Tranberg, Aalborg University), industry (Henning Mortensen, Confederation of Danish Industry and Lars Kornbek, Vitani A/S), computer science (Niels Christian Juul, Roskilde University), and ethics (Thomas Laursen, Secretariat of the Danish Council of Ethics).
On September, 30, 2009 the Board of Technology held a workshop where a wide range of selected stakeholders debated a discussion paper from the working group and provided input to the project.
Its content is also presented in Danish on the website www.biometri.info. The website is open to the public and enables the Danes to seek information about biometry and to express their views in an attitude survey.
COST Action 2101
EU COST action 2101, Biometry for IDentification and Smart cards (BIDS) has been collaborating for four years on biometrics research and industrial applications. In May 2010, the action hosted a workshop on Security and Privacy in Biometrics at University of Las Palmas.
Both the collaboration and discussions in the working group hosted by the Danish board of Technology and within the COST action 2101 has influenced this chapter. The contributions of both are hereby acknowledged.
This work was also presented and discussed in a preliminary form at the COST action 2101 Workshop on Security and Privacy in Biometrics at University of Las Palmas, Grand Canarias, May 2010.
- 1.Article 29 Data Protection Working Party. Working document on biometrics, WP 80, 12168/02/EN, 1 August 2003. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2003/wp80_en.pdf
- 3.Datatilsynet. Adgangssystem til motionscenter baseret på fingeraftryk. A decision in Danish from the Danish Data Protection Agency on an access control system for a fitness center based on finger prints, date: 2004.11.26, journo 2004-219-0208. http://www.datatilsynet.dk/afgoerelser/arkiv-over-afgoerelser/artikel/adgangssystem-til-motionscenter-baseret-paa-fingeraftryk/
- 4.Datatilsynet. Adgangskontrol på diskoteker og førelse af intern karantæneliste. A decision in Danish from the Danish Data Protection Agency on access control at discothèques and maintence of an internal list of quarantined persons, date: 2008.06.20, journo 2008-42-0742. http://www.datatilsynet.dk/afgoerelser/arkiv-over-afgoerelser/artikel/adgangskontrol-paa-diskoteker/
- 5.Datatilsynet. Afslag på tilladelse til advarselsregister for diskoteker. A decision in Danish from the Danish Data Protection Agency refusing permission to maintain a warning register for discothèques, date: 2008.08.02, journo 2008-43-0011. http://www.datatilsynet.dk/afgoerelser/arkiv-over-afgoerelser/artikel/afslag-paa-tilladelse-til-advarselsregister-for-diskoteker/
- 6.European Data Protection Supervisor, Peter Hustinx. The case for responsible use of biometrics from the perspective of the European Data Protection Supervisor. Third joint parliamentary meeting on security: “Which technologies and for what security? The new instruments of internal and civil security”, Maison de la Chimie, Paris, 23 March 2010. http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publications/Speeches/2010/10-03-23_Speech_Paris_EN.pdf
- 7.European Union. Directive 95/46/Ec of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU data protection directive), 23 November 1995. http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/DataProt/Legislation/Dir_1995_46_EN.pdf
- 8.Qureshi MK (2011) Liveness detection of biometric traits. International Journal of Information Technology and Knowledge Management 4(1):293–295 Google Scholar
- 9.Teknologirådet. Biometri—brug af biometriske teknologier I det danske samfund. Anbefalinger fra en arbejdsgruppe under Teknologirådet. A report in Danish from the board of technology on the use of biometric technologies in the Danish society. Teknologirådets rapporter 2010/2, ISBN 978-87-91614-55-2, March 2010 Google Scholar
- 10.Tranberg CB (2008) Biometric data in Scandinavia. European Business Lawe Review 19(2):387–403 Google Scholar
- 11.Tranberg CB (2010) Tommelen opp for biometri? In: Schartum DW (ed) Overvåkning i en rettsstat. Fakbokforlaget, Oslo, pp 262–280 Google Scholar