EDPB: ‘Facial recognition technology at airports poses threat to travelers’
The European Data Protection Board (EDPB) underscores that the use of biometric data at airports, and in particular facial recognition technology, leads to heightened risks to data subjects’ rights and freedoms.
In Europe there’s no uniform legal requirement for airport operators and airline companies to verify the identity of travelers. If verification of a passenger’s identity with official identity documents isn’t required, the use of facial recognition technology could therefore be an excessive processing of data.
To get more clarity on the matter, the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data and privacy authority, asked the EDPB to issue an advisory notice on the use of facial recognition technology by airport operators and airline companies for biometric authentication or identification of passengers to streamline the passenger flow at airports.
In its notice, the Board describes four different types of storage solutions at airports, ranging from storing biometric data only in the hands of the individual to centralized storage architecture with different modalities. Each comes with its pros and cons, but:
“In all cases, only the biometric data of passengers who actively enroll and consent to participate should be processed. These storage solutions, if implemented with a list of recommended minimum safeguards, are the only modalities which adequately counterbalance the intrusiveness of the processing by offering individuals the greatest control”, the Board concludes.
The risks of misuse of biometric data
According to EDPB Chair Anu Talus, more and more airport operators and airline companies around the world experiment with facial recognition systems to improve the passenger flow at airports. “It is important to be aware that biometric data are particularly sensitive and that their processing can create significant risks for individuals”, she expresses.
Furthermore, Talus warns for the risks that come with facial recognition technology, like false negatives, bias and discrimination. “Misuse of biometric data can also have grave consequences, such as identity fraud or impersonation. Therefore, we urge airline companies and airport operators to opt for less intrusive ways to streamline passenger flows, when possible.”
To oppose the risks of facial recognition technology, the EDPB thinks individuals should have maximum control over their own biometric data. Strict rules on storage limitations, retention period and legal justification are indispensable.
Your email address will not be published. Required fields are marked