Biometric Data, Data Protection and the Right to Privacy
Are biometric data always personal data ? Until today, this question is raised repeatedly, as well as whether biometric data are ‘sensitive’ data. The Chapter provides answers based on a detailed analysis of the concepts from a national and European law p
- PDF / 1,472,458 Bytes
- 186 Pages / 439.37 x 666.14 pts Page_size
- 53 Downloads / 271 Views
Biometric Data, Data Protection and the Right to Privacy
181. In this Chapter, we begin with the legal analysis of the processing of biometric data under the concepts of the data protection legislation,1 in particular the Directive 95/46/EC. We start with the question whether biometric data qualify as ‘personal data’. During the processing, the biometric data is transformed and stored in various ways as we described. The issue is therefore from time to time raised whether or not the person to whom the information relates can still be identified, directly or indirectly. Only if the answer is positive, the controller of the biometric data processing will have to comply with the obligations under the national data protection legislation(s). The qualification of biometric data as personal data has therefore important consequences. We will also review whether biometric data are or have to be considered as so-called ‘sensitive data’ the processing of which is in principle forbidden under the data protection legislation. Our analysis takes primarily the Directive 95/46/EC2 (the ‘Data Protection Directive’ or ‘Directive 95/46/EC’) into account because this Directive is the basis for the data protection legislation of all the European Union countries.3 The Directive
1
Data protection legislation in this work refers in general to the legislation which emerged since 1995 in Union countries implementing Directive 95/46/EC and regulating the processing of personal information. 2 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, O.J. L 281, 23.11.1995, pp. 31–50, also available at http://eur-lex.europa.eu/ LexUriServ/LexUriServ.do?uri=OJ:L:1995:281:0031:0050:EN:PDF. About the Proposals for Reform, see § 396 below. 3 It should be noted that in some EU countries, data protection rights principles and legislation already existed long before these Directives. See, for example, the data protection legislation enacted in France in 1978. Other examples of ‘early’ data protection legislations are the legislation in the German state of Hesse (Germany) (1970, the worldwide first ‘modern’ data protection legislation), Sweden (1973) and federal data protection legislation in Germany (1977). Such legislation was later modified where needed to implement the Directive. For an overview of the implementation of the Directive in the 27 Member States, see European Commission, Status of implementation of Directive 95/46/EC on the Protection of Individuals with regard to the Processing of Personal Data, previously available at http://ec.europa.eu/justice_home/fsj/privacy/law/ implementation_en.htm E.J. Kindt, Privacy and Data Protection Issues of Biometric Applications: A Comparative Legal Analysis, Law, Governance and Technology Series 12, DOI 10.1007/978-94-007-7522-0_3, © Springer Science+Business Media Dordrecht 2013
87
88
3
Biometric Data, Data Protection and the Right to Privacy
2002/
Data Loading...