Facial Recognition at Airports: A Risk to Your Personal Data?
The European Data Protection Board (EDPB) has released an Opinion regarding the application of facial recognition technologies by airport operators and airlines to improve the efficiency of passenger processing. This Opinion, developed under Article 64(2) in response to a request from the French Data Protection Authority, examines the wider impacts and consequences of these technologies within various EU Member States.
According to EDPB Chair, while facial recognition systems are being increasingly piloted at airports globally, it is crucial to recognise the sensitive nature of biometric data and the significant risks it poses.
Biometric data processing can result in false negatives, bias, discrimination, and severe consequences like identity fraud or impersonation. The EDPB say that airport operators and airlines need to consider less intrusive alternatives for managing passenger flow, ensuring individuals retain maximum control over their biometric data.
Facial Recognition and GDPR
The EDPB’s Opinion examines the compatibility of biometric data processing with several GDPR principles, including storage limitation, integrity and confidentiality, data protection by design and default, and security of processing.
It highlights that there is no uniform legal requirement within the EU for verifying the name on a passenger's boarding pass against their identity document using biometrics. Such practices would lead to excessive data processing where not legally required. Only passengers who actively enroll and consent to biometric data processing should have their data stored, and the storage solutions must prioritise the individual’s control over their data.
The EDPB finds that the only compliant storage solutions under GDPR are those where biometric data is either stored solely with the individual or in a central database with the encryption key in the individual’s possession. These methods balance the intrusiveness of the processing with the need for security and confidentiality. Conversely, storing biometric data in a centralised database or the cloud without user-held encryption keys fails to meet GDPR’s data protection requirements.
Additionally, the EDPB highlights the importance of limiting data retention to what is necessary for the intended purpose, with sufficient justification for the retention period.
While facial recognition technology can enhance airport security and streamline passenger flow, it poses significant privacy risks. Compliance with GDPR requires explicit user consent, stringent data protection measures, and robust storage solutions to ensure individuals retain control over their biometric data. The EDPB's guidance aims to safeguard personal data while acknowledging the potential benefits of biometric technologies in airports.
Facial Recognition Concerns at US Airports
Facial recognition technology is swiftly being adopted at airports worldwide, including in 93 U.S. airports equipped with Credential Authentication Technology (CAT-2) units. These systems promise faster passenger processing and enhanced security by swiftly identifying threats. However, they also raise significant privacy and civil liberties concerns.
Critics, like 'Fight for the Future,' argue that facial recognition poses risks of mass surveillance and data mishandling. They highlight disparities in accuracy, especially for darker-skinned individuals and women, which can lead to wrongful arrests and identity mismatches.
Calls for legislation, such as the Travel Privacy Protection Act, aim to curb facial recognition's use by TSA and airlines, emphasising the need for transparency and consent in biometric data handling. As airports globally adopt these technologies, balancing security benefits with privacy rights remains a critical challenge.
How Can Gerrish Legal Help?
Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property.
We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements.
We are here to help you, get in contact with us today for more information.