Joint paper of the Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), and the European Data Protection Supervisor (EDPS) on 14 misunderstandings with regard to biometric identification and authentication.
The use of biometric data for identification and authentication purposes is not new but has greatly increased in recent years. Along with its growing popularity, unfortunately, some misconceptions about the technologies involved have become widespread.
The objective of this document is to raise awareness about some misunderstandings about biometric technologies, and to motivate its readers to check assertions about the technology, rather than accepting them without verification.
The EDPS’ role is to ensure effective protection of people’s fundamental rights and freedoms against the (mis)use of technologies, in particular in relation to the processing of personal data by the EU institutions, bodies, offices and agencies (collectively ‘EUIs’). More specifically, under Article 57 of Regulation (EU) 2018/1725 on data protection for the EUIs, one of our main tasks is to ‘monitor and enforce the application of this Regulation’. This paper explains how we will act in that role, explaining both to individuals whose data EUIs process (the data subjects) and the EUIs themselves what they can expect from us as the supervisory authority for EUI’s processing of personal data and what we expect EUIs to do.
Replying to consultations from EU institutions, bodies, offices and agencies ('EUIs') in their capacity as controllers (organisations processing personal data) is one of the tasks of the EDPS as supervisory authority for the EUIs. Under Regulation (EU) 2018/1725, the data protection regulation for the EUIs, there are several situations in which EUIs can or have to consult the EDPS. In some cases, EUIs may want to obtain additional guidance on specific questions they face from the EDPS, while in others, they are obliged to consult (and in some cases, obtain authorisation from) the EDPS. This document provides practical tips on consulting the EDPS and on what kind of reply to expect.
Joint paper of the Spanish data protection authority, Agencia española de protección de datos (AEPD), and the European Data Protection Supervisor (EDPS) on hash techniques in data processing activities as a safeguard for personal data.