Biometric Data Without the Big-Brother Angst (American Banker)
At the end of the day, biometric data is really just another type of personal data that banks hold, access and use with the trust of customers and employees. But obtaining consent should not just be seen as merely a bureaucratic necessity. It is part of a process by which banks can maintain and enhance trust — which only becomes more important in the age of big data and virtual relationships.
It’s mostly inspired by the Facebook photo tagging affair but it deals with privacy issues and biometrics in a holistic way.
Ireland: Preserving Privacy In The Age Of Biometrics (mondaq)
The Office of the Irish Data Protection Commissioner (‘ODPC’) recently published its audit report regarding Facebook. The audit was undertaken to determine whether Facebook had implemented recommendations stemming from the ODPC’s first audit in 2011. While the audit was largely positive in its findings, the photo tagging feature introduced by Facebook, ‘tag suggestion’, was deemed by the ODPC to be a step too far for compliance with European data protection rules. This tool used cutting-edge facial recognition technology to automatically suggest the matching of names and pictures, i.e. upon the Facebook user uploading a photo, ‘tag suggestion’ would prompt the names of the individuals appearing in such image.
Consent, contract and transparency are all discussed in some detail at the link and we’ve discussed those topics philosophically on this blog in the past. There is also an analysis of proportionality in the linked article. Proportionality is a concept seen a lot in discussions of privacy issues involving European government institutions. It’s not a big part of privacy discussions in the United States.
In Europe, governments seem to feel freer to proactively inject themselves into arrangements between private entities than do governments in the United States. The recent French decision re biometrics for time-and-attendance is a good example of the invocation of proportionality to regulate the behavior of private entities.
In the United States, negligence, liability and torts seem to fill some of the roles proportionality plays in Europe. Since the legal system in the United States generally holds that one cannot consent to another party’s negligence, negligent parties are exposed to civil suits in the event that a data breach harmful to individuals occurs.
In general, it seems that the European approach is more proactive and government driven while the approach in the United States is more reactive and driven by private interests.
CCTV Technology has ‘Overtaken Ability to Regulate it’ (Wall Street Journal)
“A tiny camera in a dome with a 360-degree view can capture your face in the crowd, and there are now the algorithms that run in the background. I’ve seen the test reviews that show there’s a high success rate of picking out your face against a database of known faces.”
Research into automatic facial recognition being carried out by the Home Office has reached a 90 per cent success rate, he said, and it was “improving by the day”.
The headline quote comes from this more detailed article from The Independent, and might best be taken as a warning rather than a statement of fact. After all, if meant literally, the statement belongs in a resignation letter.
Surveillance Commissioner Andrew Rennison:
Let’s have a debate – if the public support it, then fine. If the public don’t support it, and we need to increase the regulation, then that’s what we need to do.”
Sounds like Transparency and Consent to me.