Contact us

Phone numer
+39 0331 15 41 423
Email
info@allavellilegal.com
Offices
Gallarate (VA)
Via Marsala, 36

 Milano (MI)
Via Festa del Perdono, 10

 Lugano (CH)
Via delle Scuole, 3
allavellilegal
Privacy

Facial recongnition at airports: potential and risks

1 Oct 2024
3' of reading
Read the article
V

Brussels May 2024

During its latest plenary session, the European Data Protection Board adopted an opinion on the use of facial recognition technologies by airport operators and airlines to streamline passenger flow at airports.

Anu Talus (chairman of the EDPB) said that although the implementation of facial recognition at airports is an effective tool in managing passenger flows, it is crucial to be aware of the impact this means can have.

Facial recognition, in fact, can lead to false negatives, bias, and discrimination, and the misuse of biometric data can also have serious consequences, such as identity fraud or impersonation.

In the EU, there is no uniform legal requirement for airport operators and airlines to verify that the name on a passenger’s boarding pass matches the name on their ID: this may be subject to the discretion of national laws.

Therefore, if no match between boarding pass and ID is required, verification using biometric data should not be carried out, as this would result in excessive data processing.

In its opinion, the EDPB considered four types of biometric data storage solutions, from storage in the hands of individuals to centralized facilities in various ways, noting that the only storage solutions that could be compatible with the principle of integrity and confidentiality are:

– The storage of biometric data directly in the hands of the individual;

– The storage of data at a central database but with the encryption key exclusively in the hands of the individual.

 

EDPB Conclusions

Solutions based on storage in a centralized database within the airport or in the cloud, without the encryption keys in the hands of the directly affected individual, cannot be compatible with data protection requirements, consequently not respecting the integrity and confidentiality of the data.

 

How to cope with the issue?

The inquiry into the use of these technologies is not limited to a mere assessment of their effectiveness but extends to the principles of proportionality and necessity.

Although the entity using facial recognition claims that its modus operandi complies with the European GDPR data protection regulation, the jurist must consider whether the measures taken are adequately proportional to the risk presented and whether they are truly capable of counteracting the inevitable security risks associated with handling such data.

white-circle-arrow
Return to news

Request a consultation