Print

Control system by an iris scan - European Central Bank

14
Feb
2008

Control system by an iris scan - European Central Bank

Opinion of 14 February 2008 on a notification for prior checking related to the extension of a pre-existing access control system by an iris scan technology for high secure business areas (Case 2007-501)

The ECB has set up an access control system which, among others, scans the iris of ECB staff members and external individuals accessing highly secured areas within the ECB. The data generated by the access control system are also used to reconstruct events during security related incidents. 
 
The EDPS recommendations to be implemented by the ECB include, inter alia,
  • Enact a legal instrument providing the legal basis for the processing operations that take place in order to set up an access control system based on the use of biometrics (iris scan);
  • Reconsider the decision taken in terms of technological choices through an impact assessment, including a viable timetable to implement changes in technology, i.e. in the current iris scan system. In a first phase, consider introducing a "one to one" search mode by including an additional identification, for example, using ECB standard access badges together with the upgraded IrisAccess 4000. At a later stage, consider changing to a "one to one" search mode where biometric data would be stored in chips rather than in a central database;
  • Shorten the deadline for the storage of audit trail data which reveals whether an individual accessed or tried to access the areas controlled by the system; 
  • Amend the privacy statement as recommended in the Opinion.
Available languages: English