Introduction to biometrics from a legal perspective. Yue Liu, Mar. 2007, NRCCL, UIO.

Presentation transcript:

Introduction to biometrics from a legal perspective
Yue Liu, Mar. 2007, NRCCL, UIO

Agenda
– Technical introduction to biometrics
– Biometric applications
– Biometrics from a legal perspective: privacy/data protection
– Relevant legal regulations
– Discussion: friend or foe?

Definition: "Biometric technologies are automated methods of verifying or recognizing the identity of a living person based on a physiological or behavioral characteristic." (J. Wayman)

Biometrics
– Behavior: voice, keystroke, gait, signature…
– Physiological: fingerprint, iris, facial, retina, palm…
– DNA? Not externally observable

Biometrics
– Verification (authentication):
  – Are you whom you claim to be?
  – One to one match
  – Central or decentralized database
– Identification:
  – Who are you?
  – One to many match
  – Central database

Authentication methods
– Something you have: card, token, key
– Something you know: password, PIN
– Something you are: biometrics

Function process

Biometric applications
– Verification: PRIVIUM (iris)
– Identification: EURODAC (fingerprint), US chain stores
– Both: EU Passport (facial recognition)

Privacy impact assessment
– Are users aware of the system's operation?
– Is the system optional or mandatory?
– Is the system used for verification or identification?
– Is there a central database?
– What kind of PET is being used?
– What kind of biometric technology is adopted?
– Is the data collector private or public sector?
– In what capacity do data subjects interact with the system?
– Is it a large scale application or a small scale application?
– …

Biometric concerns
– Function creep
– Ethical concerns
– Overkill for the task
– Disclosure of sensitive information
– Pervasive surveillance; covert collection
– Lower privacy awareness: for convenience
– Hacking of central storage and wide linkability
– Can biometrics make us safer?
– Deprived of the right to anonymity
– Permanent ID theft
– …

Legal framework
– Very few specific biometric regulations
– European Convention on Human Rights (ECHR)
– Data Protection Directive (95/46/EC)

Privacy: the right to be left alone
– ECHR art8(1): "Everyone has the right to respect for his private life and family life, his home and correspondence."
– Dimensions:
  – Informational
  – Physical
  – Decisional
  – Proprietary

ECHR art8(2)
"There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others."

Data Protection Directive
– Defines rights and obligations with respect to the processing of personal data
– "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;"

Personal data
– Personal data: any information relating to an identified or identifiable natural person (art2 a)
– An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identification number or one or more factors specific to his physical, physiological, and mental(…) identity
– Biometric image and biometric template as personal data?

Principle: fair collection
– Personal data must be processed fairly and lawfully (art6 a)
– Data subject must be informed; consent is needed unless under certain conditions: national security, defense, public interests…
– Covert surveillance should not be allowed generally: facial recognition

Principles: purpose and proportionality
– Legitimate purpose (art6 b): collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
– Proportionality (art ): personal data must be adequate, relevant and not excessive in relation to purpose

Legitimate processing
Art7: personal data may be processed only if:
– consent
– necessary for the performance of a contract
– necessary for compliance with a legal obligation
– necessary in order to protect the vital interests of the data subject
– necessary for the performance of a task carried out in the public interest or in the exercise of official authority
– necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed

Proportionality
– When is the collection of biometric data necessary? (Less obtrusive alternative? Balance?)
– Messing v. Bank of America, Swedish school, UK
– How to avoid function creep?
– Is consent enough? (opt in or opt out)

Security measures
Art17: Appropriate security measures must be taken to protect personal data against unlawful destruction or accidental loss, alteration, unauthorized disclosure or access

Misconceptions of biometrics
– Accuracy, ID theft, central storage
– Risks: enrollment, transmission, storage, raw data, reversible template, ID theft, indisputable evidence, permanent ID theft
– Safeguards against misuse of biometrics: encryption, smart card
– A right to argue?

Friend or foe?
– When can biometrics be compatible with the EC Data Protection Directive?
– When can biometrics be a friend to our privacy?
– Is it just a problem of trading off between privacy and security?

Thank you for your attention!
Reading list:
– Art29 data protection working party, working document on biometrics at ocs/wpdocs/2003/wp80_en.pdf
– JRC(IPTS) Biometrics at the frontiers: assessing the impact on society. At reetravel/doc/biometrics_eur21585_en.pdf