Recap of Privacy & Passenger Biometrics: Developments And PerspectivesSubmitted on behalf of MC Earnst, IAWA Events Committee Member
On Thursday, March 11 Paul Clark of InterVISTAS Consulting hosted a thought-provoking panel on the topic of privacy and passenger biometrics. Panelists included Ellen McClain, who covered the legal landscape in the US for privacy concerns surrounding biometric data, John Wagner, who discussed the recent customs and border patrol approach to use of biometric data in the travel experience, and Isabelle Lelieur, who detailed the key points of the GDPR regulation in the EU and its treatment of biometric data.
Ms. McClain began by identifying the three major privacy concerns that the US legal system is attempting to address, including breaches, function creep, and data sharing. She noted that currently, there is no comprehensive federal law regulating the collection of biometric data. The individual States fill these gaps which results in inconsistent laws all over the country. This proves especially difficult for corporations operating across multiple states. Ms. McClain concluded that there is a need in the US to find a balance of privacy protections and technological innovations that comply with the law.
Mr. Wagner brought his perspective from his time at Customs and Border Patrol to discuss congressional requirements for biometric data for departing foreign travelers. He discussed the need to address the challenge of ensuring these individuals depart the US in line with their visa terms and conditions, and how we can possibly use biometric data to accomplish this task. He outlined several initiatives including replacing passport checks with cameras/facial recognition checkpoints. The challenge remains however of how to communicate the need for this system to flying public.
Ms. Lelieur covered GDPR implications for travel in great detail. Under the terms of the GDPR, biometric data is identified as “sensitive data” (meaning it is unique, permanent, unable to be copied/modified). It is therefore subject to special protections and can only be used for “legitimate interests,” which interestingly includes travel checkpoints. The GDPR requires express consent for the types of biometric data to be used, and there are strict retention regulations surrounding storage of this data.
The panel concluded that there is a great need for global standards that can apply to all countries; however this poses the risk of regulations created with the lowest common denominator at the forefront. Many questions in this space remain, but this panel provided great insight to our listeners about the current state of law and challenges surrounding how to address this crucial piece of our global travel experience.
IAWA members can watch the recording of the webinar here.