The circumscribed and regulated use of biometric data to facilitate authentication during ID checks and for greater security in identity documents does not run counter to data protection principles. By contrast, the use of such data for identification purposes is more problematic and raises a number of concerns.
Within the framework of interdepartmental consultations on the federal decree approving and implementing the exchange of notes between Switzerland and the European Union on the adoption of EU Council Regulation (EC) 2252/2004 on standards for security features and biometrics in passports and travel documents issued by Member States, we raised a number of issues regarding the use of biometric data. We also shared our concerns with the Political Institutions Committee of the Council of States and the National Council (upper and lower houses of Parliament respectively). However, Parliament did not take our comments on board and approved the draft bill presented by the Federal Council (federal government).
EU Council Regulation (EC) 2252/2004, which must be transposed as part of the adoption of the Schengen “acquis”, as well as both the recommendations of the International Civil Aviation Organization (ICAO) and US legal requirements, provide for the inclusion of biometric data (facial image and digital fingerprints) in passports and travel documents for authentication purposes (1:1 comparison). Authentication here means the action of verifying by means of a reader whether the biometric data of a person whose ID is being inspected correspond to the reference data held on the data medium contained in that same document. The authentication process does not require that the data be stored in a central system, as the verification can be done directly at the checkpoint by means of the reader. Retaining the biometric data in the ID documents information system (ISA file) as well as in the information system used for issuing Swiss travel documents and return visas for foreigners (ISR data files) beyond the time needed to issue the documents, would constitute an infringement of the principles of purpose limitation and proportionality. However, we are not against the use of new technologies, such as biometrics, in order to facilitate the authentication of individuals during identity checks and to improve the security of ID documents.
That said, we do have significant concerns with regard to the use of biometric data for identification purposes (1:n comparison – i.e. one to many) as this automatically implies the central storage of data. The processing of such sensitive data is acceptable if the purpose and the access rights to such data are comprehensively circumscribed in a formal legal text (ID Document Act). A rigid legal framework is needed to prevent the risks of abuse and function creep, and the danger of biometric identifiers being used as an access key to various databanks. It is therefore necessary to restrict the interconnection between different data sets. In our view, the changes to the Identity Document Act proposed in the Federal decree do not fulfil these conditions. This is why we could not support the storage of biometric data in the ISA and ISR files for identification purposes.
At European Union level, the working group on the protection of individuals with regard to the processing of personal data set up under Article 29 of the Directive 95/46/EC expressed its reservations with regard to national or European databases on biometrics in an opinion dated 30 September 2005. In fact, the European Parliament actually called for a ban on the establishment of a centralized database for passports and travel documents containing the biometric and other personal data of all passport-holders in the European Union.
Last modification 30.06.2008