Legal issues
 

A major integrative effort within the BioSecure Network of Excellence lies with the design and collection of a new multimodal database. It will take place in the second part of the project (i.e. second 18 months). This database will allow for the creation of a common and repeatable benchmark of algorithms. Several partners will be involved in the acquisition of the BioSecure Multimodal Biometric Database.

 Legal aspects have to be handled when performing acquisition, storage and exchange of biometric data. When defining a biometric database, specific issues have to be tackled before the acquisition process itself can begin. Indeed particular aspects related to the protection of personal data as well as the rights of the persons regarding data stored in centralised databases have to be addressed. There is a variety of restrictions, which are dependent to a certain extent on the different national legislations. To take into account this legal side, the regulations are being studied in the context of multi-national and multi-modal biometric data acquisition under consideration of national conditions. Other issues related to IPRs are also being studied.

In the following section, legal requirements related to the BioSecure Multimodal Biometric Database are discussed, including Data Protection issues and IPRs issues. Agreement with „donors‟, control and processing of the data and transfer of data between institutions are specifically addressed.

While there has been a harmonization of the basic requirements for data protection at the EU level, differences remain as to the administrative steps required and as to non-EU legislations.

Now biometric data are considered as sensitive data and go into the field of application of the personal data protection. The first convention who is taking rules of data protection is the 108 convention of European council at 28 January 19811.

The definition of personal data is given by the European directive of 19952 and repeated in European country law: “personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.

There are the cases of biometric data, because they allow directly and indirectly the identification of a person and are thus protected as some. More, this data are considered by The European commission as sensitive data. Her protection is stricter.

The establishment of a personal data processing is subject to certain formalities and procedures.

A complete document can be found here ( a french version of the document can be found here)

1 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data
http://conventions.coe.int/Treaty/EN/Treaties/HTML/108.htm
2 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML