FB pixel

Scotland’s watchdog sends fresh warning over storing biometric data on Microsoft cloud

Categories Biometrics News  |  Law Enforcement
Scotland’s watchdog sends fresh warning over storing biometric data on Microsoft cloud
 

Scotland’s data protection watchdog has requested that the Scottish police assess the security of storing biometric data on Microsoft’s servers.

Biometrics ­Commissioner Brian Plastow wants more information on a platform called Digital Evidence Sharing Capability (DESC). A pilot project, it is testing easier access by police and court employees to images, CCTV footage and other sensitive data used in court cases.

Plastow warned that storing sensitive data of UK citizens on a cloud server run by a United States company opens questions about U.S. government access to Scottish data. The DESC project is run by government contractor Axon and hosted on Microsoft’s Azure.

“Based on the information so far provided to me by Police Scotland, I am not satisfied that biometric data within the Scottish government DESC project is being properly protected from unauthorized access,” he told The Sunday Post.

According to the U.S. Cloud Act, federal law enforcement agencies can compel domestic companies to provide data stored on servers regardless of whether the data is owned by a firm based outside the U.S.

“In other words, there is a risk U.S. federal authorities could compel the technology supplier to surrender very sensitive Police Scotland data without their knowledge or consent,” says Plastow.

Similar concerns have dogged the Scottish Police Authority itself.

This could put the DESC pilot at odds with the UK data protection law and the Scottish Biometrics Commissioners Code of Practice, the commissioner says. The legality of the scheme is being reviewed by the UK’s information commissioner.

The Scottish police have said that digital evidence-sharing is limited and does not include fingerprint, bodycam or DNA evidence. The pilot is part of a £33 ­million (US$42 million) Scottish government initiative to transform how evidence is managed across the justice system.

This is not the first time Plastow has sounded an alarm over stored biometric data. Earlier this year, after the commissioner found that the police had stored large amounts of biometric data from arrests on Microsoft servers, the Scottish Police Authority agreed to accept his recommendations. This included better protection of children’s data and increasing transparency and “right to information” for data subjects.

The Cloud Act and the question of U.S. government’s access to foreign citizens’ data is not only a concern in the UK. The US and the EU have spent months trying to reach a deal for the EU-U.S. data privacy framework with debates centering around concerns about U.S. spy agencies accessing Europeans’ private data. The mechanism is designed to safely transfer European Union citizens’ personal data to the United States, including biometric data.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Digital identity leaders shepherd wallets into the mainstream

Discussion and debate at the European Identity and Cloud (EIC 2024) conference focused largely on how to achieve trust among…

 

Suprema, Strata Identity, Gunnebo gain security certifications

Recent certifications for Suprema, Strata Identity, Gunnebo and ISS reflect the broader industry trend towards stringent information security measures, ensuring…

 

Biometrics entering everyday activities via rising technologies

Biometrics underpin the new technologies that people will soon use on a daily basis for everything from payments to age…

 

Anticipation for Metalenz and Samsung’s answer to Face ID mounts

After Samsung and Metalenz collaborated to incorporate Samsung’s Isocell Vision 931 image sensor into Metalenz’s Polar ID imaging technology, Mashable…

 

Germany beefs up border security ahead of UEFA Championship

Germany has been ramping up security measures such as border checks and CCTV surveillance in preparation UEFA European Football Championship…

 

Inverid and Cybernetica team up to secure digital ID, signatures with biometric MFA

A new partnership has been formed by Inverid and Cybernetica to combine the NFC ID document-scanning capabilities of the former…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events