The European Data Protection Board has issued an opinion on the use of facial recognition technology at airports. The EDPS stresses that people should be able to manage their biometric data as well as possible. The issue was addressed at the request of the French Data Protection Authority.

Airports and airlines around the world are piloting facial recognition systems to streamline passenger flows at various checkpoints. Biometric data are particularly sensitive because their processing can pose significant risks to individuals, the Board recalls.

“We urge airlines and airports to choose, where possible, less privacy-intrusive ways to streamline passenger flows. Facial recognition technology can carry risks such as bias and discrimination. Misuse of biometric data can have serious consequences, such as identity theft or impersonation. People should therefore have as much control as possible over their own biometric data,” said Anu Talus, President of the European Data Protection Board.

In its opinion, the Board examines four different options for the use of facial recognition technology. The Board assesses these options in the light of certain data protection principles, namely data retention limitation, integrity and confidentiality, data protection by design and by default, and secure processing. The opinion examined, inter alia, how the different data retention solutions meet these principles.

The EDPS notes that only storage solutions where the biometric data are held by the individual or in a central database where the encryption key is held by the individual are compliant. Airports and airlines must also ensure that they have sufficient justification for the envisaged retention period.

There is no uniform requirement in the EU to verify the identity of an air passenger by means of an official identity document, but practice varies from one country to another. Where it is not necessary to verify identity by means of a document, biometric identifiers should not be used either, as this would lead to excessive processing of data.

https://tietosuoja.fi/-/euroopan-tietosuojaneuvosto-otti-kantaa-kasvojentunnistukseen-lentoasemilla-ihmisten-tulisi-voida-hallinnoida-biometrisia-tietojaan-mahdollisimman-hyvin-