Resolution 1797 (2011)1
The need for a global consideration of the human rights implications of biometrics
1. In the aftermath of the events of 11 September 2001, security issues have become a priority at the global level. They have led to an ongoing search for secure and reliable methods of verification of an individual’s identity, through his or her physical traits, by using biometrics. Due to its rapid development, biometric technology offers a possible solution to various security concerns, but it also puts several human rights at risk, including the right to respect for private life, the right to a fair trial and the presumption of innocence, freedom of movement and the prohibition of discrimination, as enshrined in the European Convention on Human Rights (ETS No. 5).
2. The Parliamentary Assembly notes that there is a need to properly balance security and the protection of human rights and fundamental freedoms, including the right to privacy. The broad technical scope of biometrics, its rapid development and member states’ willingness to make use of it for multiple purposes may not yet be appropriately reflected in member states’ legislation for the safeguarding of human rights. Once a new technology has found its way into everyday life, it becomes more difficult to implement, or even adopt, a proper legal framework. Member states should therefore deal with the legal issues relating to biometrics without delay.
3. At the European level, the existing legal framework remains vague, as there is no generally accepted definition of “biometric data”. Thus, the Assembly strongly believes that the Council of Europe itself should take steps to ensure that this legal framework is enhanced and modernised.
4. The Assembly therefore calls upon member states to:
4.1. adopt specific legislation on the use of biometric technologies to protect individuals from abuses of the rights enshrined in the European Convention on Human Rights, the Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine (“Oviedo Convention”, ETS No. 164) and other instruments on human rights protection, in particular to:
4.1.1. elaborate a standardised definition of “biometric data”;
4.1.2. revise the existing regulations concerning the general protection of personal data by adjusting them to current applications of enhanced biometric technologies;
4.2. keep their legislation under review in order to meet the challenges stemming from the further development of biometric technologies, including so-called “second generation” biometrics;
4.3. promote proportionality in dealing with biometric data, in particular by:
4.3.1. limiting their evaluation, processing and storage to cases of clear necessity, namely when the gain in security or in the protection of public health or of the rights of others clearly outweighs a possible interference with human rights and if the use of other, less intrusive techniques does not suffice;
4.3.2. providing individuals who are unable or unwilling to provide biometric data with alternative methods of identification and verification, where such data may unnecessarily include personal medical or health information;
4.3.3. working with data from biometric templates instead of raw data, whenever possible;
4.3.4. ensuring the right of individuals to be informed about the collection and processing of their biometric data;
4.3.5. enhancing transparency as a precondition for a person’s meaningful consent to providing biometric data and, where appropriate, facilitating the revocation of consent;
4.3.6. allowing individuals access to their data and/or the right to have it erased or rectified;
4.3.7. providing for appropriate storage systems, in particular by reducing centralised storage of data to the strict minimum, as well as by avoiding abusive pooling of unrelated data storage systems;
4.3.8. ensuring that biometric data is only used for the purpose for which they have been lawfully collected and preventing unauthorised transmission of, or access to, such data;
4.4. establish, as appropriate, supervisory bodies to control the implementation of relevant legislation and provide for effective remedies for individuals in case of violations of their human rights and fundamental freedoms;
4.5. strengthen the private sector’s compliance with existing data protection laws when using biometric technology, especially by:
4.5.1. ensuring accountability of data controllers;
4.5.2. requiring adequate training of those handling biometric data;
4.6. promote multidisciplinary research on new biometric technologies that would ensure a balance between the need for enhanced security and the respect for privacy, human dignity and transparency;
4.7. assess potential risks resulting from the use of biometrics for human rights and fundamental freedoms and share results between member states.
5. The Assembly also calls on member states to step up international co-operation, in particular with the United Nations, the Organisation for Economic Co-operation and Development and the European Union, with a view to harmonising standards on biometrics, in conformity with international human rights standards.
1 Text adopted by the Standing Committee, acting on behalf of the Assembly, on 11 March 2011 (see Doc. 12522, report of the Committee on Legal Affairs and Human Rights, rapporteur: Mr Haibach; and Doc. 12528, opinion of the Committee on Culture, Science and Education, rapporteur: Ms Brasseur). See also Recommendation 1960 (2011).