PROTECT (Pervasive and UseR Focused BiomeTrics BordEr ProjeCT): D2.3 Privacy impact of next-generation biometric border control

This document is Deliverable D2.3 of Task T2.4, WP2 – Privacy of the PROTECT project. The aim of D2.3 is to analyse whether the PROTECT project entails a potential substantial interference into individuals’ rights to privacy and to data protection, as protected under articles 7 & 8 of the Charter of Fundamental Rights, and if so to manage the identified risks to these rights of data subject by proceeding to an impact assessment. As a reminder, the PROTECT project implies the collection and storage of emerging biometric data of a huge number of “bona fide” travellers (in addition to the biometric data already collected and stored in the travel documents and the IT databases which were described in D2.2 – Legal framework of biometric border control). In D2.2, it was assumed that the purpose of the PROTECT system was to “facilitate” public border control authorities to speed up their public interest missions of border control management by enrolling emerging biometrics in travel documents (or smartphone apps acting as travel documents) in addition to passport information (including traditional biometric modalities: facial image and fingerprints). However, the main conclusion of D2.2 was that the abovementioned scenario should certainly be considered as beyond the scope of current EU legislation. One of the main reasons for D2.2’s conclusion is that consent of travelers cannot legally be considered as a legitimate basis of lawfulness under the GDPR to allow public border control authorities to speed up their public interest missions by enrolling additional biometrics in travel documents (which currently may not be replaced by a smartphone app). This finding of illegality of D3.1 scenarios in “real-world conditions” does not oppose the goals of the demonstration phase of the PROTECT project. Trials conducted exclusively for research purposes could demonstrate the feasibility of combining passport information (including traditional biometrics) and additional contactless biometrics of volunteers, with their explicit consent, with the aim of matching their identities against fictional (emulated) “watchlists” specifically developed for these scientific trials. The data protection safeguards of such trials (such as consent forms and security requirements) will be described in a future version of D2.1 – “Data management Plan”. The purpose of this Deliverable “D2.3 - Privacy impact of next-generation biometric border control” is to analyse whether, as an alternative to D3.1 scenarios, emerging biometric modalities could be processed in a “passport companion”, such as a smartphone for “comfort and convenience purposes” of travellers, on the basis of a contract with the PROTECT’s data controller and travellers’ explicit consent. The idea is to analyse − from a privacy and data protection point of view − the possibility and the conditions in real-world conditions to enrol emerging biometrics in a smartphone app for travellers willing to join a “PROTECT programme” allowing them to be given priority in waiting areas for “traditional” security and border checks and/or allowing them to benefit from additional conveniences such as access to VIP parking zones or waiting lounges. In order to carry out this analysis, this Deliverable performs a Data Protection Impact Assessment (DPIA) which is required by Article 35 of the GDPR. A DPIA is a process designed to describe the processing, assess its necessity and proportionality, and help manage risks to the rights and freedoms of natural persons resulting from the processing of personal data, by assessing the risks and determining the measures to address them. In this Deliverable, the methodology which was chosen to conduct this DPIA is based on the one which was developed by the French Data Protection Authority (CNIL) in February 2018.