EFF, 15 Oct 2012: 'Highest Court in the European Union To Rule On Biometrics Privacy'
"Courts are investigating the legality of a European Union regulation requiring biometric passports in Europe. Last month, the Dutch Council of State (State Council, the highest Dutch administrative court) asked the European Court of Justice (ECJ) to decide if the regulation requiring fingerprints in passports and travel documents violates citizens' right to privacy. The case entered the courts when three Dutch citizens were denied passports and another citizen was denied an ID card for refusing to provide their fingerprints. The ECJ ruling will play an important role in determining the legality of including biometrics in passports and travel documents in the European Union.
The Dutch Council referred the question of legality to the ECJ, arguing that the restrictions on privacy do not outweigh the ostensible aim of fraud prevention, and questioning the RFID technique. The Council also questioned whether fingerprints could be safeguarded so that they would only be used in passports or identity cards and not in databases for other purposes (known as function creep). The four cases that prompted this challenge to the biometric passport regulation are suspended pending the ECJ's response.
The Netherlands has mandated fingerprints in passports and ID cards since 2009. The Dutch biometric Passport Act is the misshapen offspring of the European Regulation compelling security features and biometrics in passports. The Regulation mandates that passports include two fingerprints taken flat in interoperable formats.
The Netherlands' storage of a biometric database was suspended in 2011, following privacy concerns as well as questions over the reliability of biometric technology. The Mayor of the City of Roermond reported that 21 percent of fingerprints collected in the city could not be used to identify any individuals. In April 2011, the Dutch Minister of Interior, in a letter to the Dutch House of Representatives, asserted that the number of false rejections was too high to warrant using fingerprints for verification and identification. Currently, only fingerprints stored in Radio Frequency Identification (RFID) chips embedded in ID documents are being collected.
The Amsterdam-based Privacy First Foundation (Stichting Privacy First) appreciates the critical stance on biometrics taken by the Dutch Council of State in line with the position taken by a German court:
"We hope the ECJ will soon rule that the European Passport Regulation is invalid both in a formal, procedural sense (having been improperly adopted in 2004) and in a material sense (violating the human right to privacy and data protection). In the meantime, we hope the Dutch Parliament will scrap compulsory fingerprinting for Dutch ID cards as soon as possible."
A government proposal to this effect is currently before the Dutch House of Representatives.
The Dutch Council concerns echo questions raised by a German court earlier this year regarding the legality of the German biometric passports with RFID chips. The German court has questioned whether the EU regulation is compatible with the Charter of Fundamental Rights of the European Union (EU Charter) and the European Convention of Human Rights (ECHR). The German case was preempted when a German citizen, Michael Schwarz, refused to provide his fingerprints to obtain his new passport and the City of Bochum decided not to issue him one.
Mr Schwarz argued that the regulation infringes privacy as protected under the ECHR and the EU Charter. In this case, the German court argued that the European Union has no legislative competence to enact rules on standards for security features and biometrics in passports as there is no direct relation of such rules to the protection and security of EU external frontiers.
The German court decided that the requirement of biometric data in passports is a "serious infringement" on privacy, arguing that the measure does not satisfy the proportionality test of being appropriate, necessary, or reasonable."
Read HERE the entire article (including sources) on the website of the US Electronic Frontier Foundation (EFF).