An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE

Abomhara, Mohamed; Yayilgan, Sule Yildirim

doi:10.1007/978-3-030-71711-7_29

Mohamed Abomhara⁸ &
Sule Yildirim Yayilgan⁸

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1382))

Included in the following conference series:

International Conference on Intelligent Technologies and Applications

606 Accesses

Abstract

Biometric recognition is a highly adopted technology to support different kinds of applications, ranging from security and access control applications to low enforcement applications. However, such systems raise serious privacy and data protection concerns. Misuse of data, compromising the privacy of individuals and/or authorized processing of data may be irreversible and could have severe consequences on the individual’s rights to privacy and data protection. This is partly due to the lack of methods and guidance for the integration of data protection and privacy by design in the system development process. In this paper, we present an example of privacy and data protection best practices to provide more guidance for data controllers and developers on how to comply with the legal obligation for data protection. These privacy and data protection best practices and considerations are based on the lessons learned from the SMart mobILity at the European land borders (SMILE) project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
https://smile-h2020.eu/smile/.
2.
The European Data Protection Board is an independent European body whose purpose is to ensure consistent application of the General Data Protection Regulation and to promote cooperation among the EU’s data protection authorities.

References

Abomhara, M., Yayilgan, S.Y., Nymoen, A.H., Shalaginova, M., Székely, Z., Elezaj, O.: How to do it right: a framework for biometrics supported border control. In: Katsikas, S., Zorkadis, V. (eds.) e-Democracy 2019. CCIS, vol. 1111, pp. 94–109. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-37545-4_7
Chapter Google Scholar
Abomhara, M., Yayilgan, S.Y., Shalaginova, M., Székely, Z.: Border control and use of biometrics: reasons why the right to privacy can not be absolute. In: Friedewald, M., Önen, M., Lievens, E., Krenn, S., Fricker, S. (eds.) Privacy and Identity 2019. IAICT, vol. 576, pp. 259–271. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42504-3_17
Chapter Google Scholar
Bieker, F., Friedewald, M., Hansen, M., Obersteller, H., Rost, M.: A process for data protection impact assessment under the European general data protection regulation. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 21–37. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_2
Chapter Google Scholar
Campisi, P.: Security and Privacy in Biometrics, vol. 24. Springer, London (2013)
Google Scholar
Cavoukian, A., et al.: Privacy by Design: The 7 Foundational Principles. Information and Privacy Commissioner of Ontario, Canada 5 (2009)
Google Scholar
Colesky, M., Hoepman, J.H., Hillen, C.: A critical analysis of privacy design strategies. In: 2016 IEEE Security and Privacy Workshops (SPW), pp. 33–40. IEEE (2016)
Google Scholar
D’Acquisto, G., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y.A., Bourka, A.: Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. arXiv preprint arXiv:1512.06000 (2015)
Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)
European Commission: Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code). Official Journal of the European Union (2016)
Google Scholar
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)
Article Google Scholar
International Organization for Standardization: ISO/IEC 27001: 2013: Information Technology-Security Techniques-Information Security Management Systems-Requirements. International Organization for Standardization (2013)
Google Scholar
Janczewski, L.J., Portougal, V.: “need-to-know” principle and fuzzy security clearances modelling. Inf. Manage. Comput. Secur. (2000)
Google Scholar
Jasmontaite, L., Kamara, I., Zanfir-Fortuna, G., Leucci, S.: Data protection by design and by default: framing guiding principles into legal obligations in the GDPR. Eur. Data Prot. L. Rev. 4, 168 (2018)
Article Google Scholar
Kloza, D., van Dijk, N., Gellert, R., Böröcz, I., Tanas, A., Mantovani, E., Quinn, P.: Data protection impact assessments in the European union: complementing the new legal framework towards a more robust protection of individuals. Brussels Laboratory for Data Protection & Privacy Impact Assessments Policy Brief (2017)
Google Scholar
Memon, N.: How biometric authentication poses new challenges to our security and privacy [in the spotlight]. IEEE Signal Process. Mag. 34(4), 194–196 (2017)
Article Google Scholar
Sajfert, J., Quintel, T.: Data Protection Directive (EU) 2016/680 For Police and Criminal Justice Authorities. Edward Elgar Publishing, Cole/Boehm GDPR Commentary (2019)
Google Scholar
Sutrop, M.: Ethical issues in governing biometric technologies. In: Kumar, A., Zhang, D. (eds.) ICEB 2010. LNCS, vol. 6005, pp. 102–114. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12595-9_14
Chapter Google Scholar
Voigt, P., von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57959-7
Book Google Scholar
Willoughby, A.: Biometric surveillance and the right to privacy [commentary]. IEEE Technol. Soc. Mag. 36(3), 41–45 (2017)
Article Google Scholar

Download references

Acknowledgements

This work is carried out in the EU-funded project SMILE (Project ID: 740931), [H2020-DS-2016-2017] SEC-14-BES-2016 towards reducing the cost of technologies in land border security applications.

Author information

Authors and Affiliations

Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Trondheim, Norway
Mohamed Abomhara & Sule Yildirim Yayilgan

Authors

Mohamed Abomhara
View author publications
You can also search for this author in PubMed Google Scholar
Sule Yildirim Yayilgan
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohamed Abomhara .

Editor information

Editors and Affiliations

NTNU, Gjøvik, Norway
Sule Yildirim Yayilgan
The Islamia University of Bahawalpur, Punjab, Pakistan
Imran Sarwar Bajwa
University of Agder, Kristiansand, Norway
Filippo Sanfilippo

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Abomhara, M., Yayilgan, S.Y. (2021). An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE. In: Yildirim Yayilgan, S., Bajwa, I.S., Sanfilippo, F. (eds) Intelligent Technologies and Applications. INTAP 2020. Communications in Computer and Information Science, vol 1382. Springer, Cham. https://doi.org/10.1007/978-3-030-71711-7_29

Download citation

DOI: https://doi.org/10.1007/978-3-030-71711-7_29
Published: 15 March 2021
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71710-0
Online ISBN: 978-3-030-71711-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics