Abstract
Biometric recognition is a widely adopted technology that supports many kinds of applications, ranging from security and access control to law enforcement. However, such systems raise serious privacy and data protection concerns. Misuse of data, compromising the privacy of individuals and/or authorized processing of data may be irreversible and could have severe consequences on the individual’s rights to privacy and data protection. This is partly due to the lack of methods and guidance for the integration of data protection and privacy by design in the system development process. In this paper, we present an example of privacy and data protection best practices to provide more guidance for data controllers and developers on how to comply with the legal obligation for data protection. These privacy and data protection best practices and considerations are based on the lessons learned from the SMart mobILity at the European land borders (SMILE) project.
Notes
The European Data Protection Board is an independent European body whose purpose is to ensure consistent application of the General Data Protection Regulation and to promote cooperation among the EU’s data protection authorities.
Acknowledgements
This work is carried out in the EU-funded project SMILE (Project ID: 740931), [H2020-DS-2016-2017] SEC-14-BES-2016 towards reducing the cost of technologies in land border security applications.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Abomhara, M., Yayilgan, S.Y. (2021). An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE. In: Yildirim Yayilgan, S., Bajwa, I.S., Sanfilippo, F. (eds) Intelligent Technologies and Applications. INTAP 2020. Communications in Computer and Information Science, vol 1382. Springer, Cham. https://doi.org/10.1007/978-3-030-71711-7_29
DOI: https://doi.org/10.1007/978-3-030-71711-7_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71710-0
Online ISBN: 978-3-030-71711-7
eBook Packages: Computer Science, Computer Science (R0)