FB pixel

EU watchdog rules airport biometrics must be passenger-controlled to comply with GDPR

| Chris Burt
Categories Biometrics News  |  Border and Port Security  |  Facial Recognition
EU watchdog rules airport biometrics must be passenger-controlled to comply with GDPR
 

The use of facial recognition to streamline air passenger’s travel journeys only complies with Europe’s data protection regulations in certain circumstances, the European Data Protection Board has ruled.

The EDPB issued the ruling in response to a request from the French Supervisory Authority to issue an opinion on whether biometric authentication by airlines or airports complies with the EU’s General Data Protection Regulation.

In its “Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (compatibility with Articles 5(1)(e) and(f), 25 and 32 GDPR,” the EDPB finds that

Article 5 of GDPR covers principles for processing personal data. Clause (e) limits data storage, while clause (f) relates to integrity and confidentiality. Article 25 addresses “data protection by design and default,” and article 32 deals with security of processing.

The EDPB considered four scenarios for biometric passenger processing. One involves the biometric template being stored on an end-users’ device, and controlled by them. Second is a model of centralized template storage in which the data is encrypted, and the key held by the end user. Third, centralized storage of encrypted biometric data with the key in the hands of the airport operator. The fourth scenario is the same as the third, only with the data stored in the cloud.

The EDPB says both the third and fourth scenarios “cannot be compatible with Article 25 GDPR. Also, such processing would not comply with the principle of integrity and confidentiality under Article 5(1)(f) and Article 32 GDPR” unless further measures are taken.

The fourth scenario would also fail to comply with GDPR article 5(1)(e).

The digital travel credentials (DTCs) being piloted with EU Commission backing would avoid the violations by following the model of the first scenario considered by the EDPB.

In the meantime, airport biometrics continue to roll out across Europe, with Spain introducing facial recognition scanners in an example from earlier this year.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics ease airport and online journeys, national digital ID expansion

Biometrics advances are culminating in new kinds of experiences for crossing international borders and getting through online age gates in…

 

Agentic AI working groups ask what happens when we ‘give identity the power to act’

The pitch behind agentic AI is that large language models and algorithms can be harnessed to deploy bots on behalf…

 

Nothin’ like a G-Knot: finger vein crypto wallet mixes hard science with soft lines

Let’s be frank: most biometric security hardware is not especially handsome. Facial scanners and fingerprint readers tend to skew toward…

 

Idemia Smart Identity negotiates with Nepal, nears ID document issuance in Armenia

A pair of deals for Idemia Smart Identity to supply biometric ID documents, one in Nepal and one in Armenia,…

 

Rapid expansion of DHS’s citizenship database raises new election concerns

Over the past month, the Department of Homeland Security (DHS) has quietly transformed the Systematic Alien Verification for Entitlements (SAVE)…

 

Aurigin adds voice liveness detection to Swisscom identity infrastructure

Aurigin.ai is collaborating with Swisscom Digital Trust to strengthen existing KYC processes with voice-based liveness verification and AI deepfake detection,…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events