Increased interoperability of EU biometric databases may be impacting human rights
A new report in the European Journal of Law and Technology highlights a series of human rights concerns about the EU’s large-scale information systems which utilize several types of biometric data for border security purposes.
In recent years there has been an increased drive to strengthen EU borders against threats.
Author Lauren Eltrick suggests in ‘Finding the Balance between Security and Human Rights in the EU Border Security Ecosystem’ that while the EU has adopted interoperability regulations for these systems (Reg(EU) 2019/817 and Reg(EU) 2019/818 in 2019) for enhanced data exchanges, the regulations prioritise the development of new tools for security purposes at the expense of the human rights of migrants. Furthermore, that biometric security methods treat third-country nationals not as individuals, but as risk categories.
The collection and use of biometric data is generally prohibited and regulated as a special category of personal data within Article 9 of the GDPR, Europe’s data protection regulations. At the end of April, the EU adopted a proposal for a regulation called the Artificial Intelligence Act (AIA) designed to regulate AI-based solutions, similar to the GDPR.
The EU has several biometric focused databases for different purposes; for example The Common Identity Repository (CIR) brings together multiple existing pan-European biometric databases spanning Entry/Exit, criminal records and asylum seekers to create a central record for some 350 million people. Eltrick argues that as a result of the regulations, the EU is failing to take into account the importance of the respective purposes behind each individual database.
Eu-LISA (the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice) play a crucial role in the facilitation of interoperability in Europe by managing the CIR, though some organisations have expressed concern regarding whether this data will be consistently cross-checked to eliminate the risk of ‘false positives’.
The Multiple Identity Detector (MID) database examines various other databases in order to determine whether the identity data on which the search has been conducted is present in more than one of the information systems. For example, if an individual’s fingerprint biometrics were incorrectly matched with someone who has already been registered within Eurodac then this could result in international protection being refused, according to the paper.
As the amount of biometric data collection increases, so does the risk to privacy of the individual in question, writes Eltrick. Where biometric data is often regarded as the ‘truth,’ this leaves little room for argument in cases of false positive or negative matches for those who already have no claims to rights within the EU.