Control system by an iris scan - European Central Bank
Opinion of 14 February 2008 on a notification for prior checking related to the extension of a pre-existing access control system by an iris scan technology for high secure business areas (Case 2007-501)
- Enact a legal instrument providing the legal basis for the processing operations that take place in order to set up an access control system based on the use of biometrics (iris scan);
- Reconsider the decision taken in terms of technological choices through an impact assessment, including a viable timetable to implement changes in technology, i.e. in the current iris scan system. In a first phase, consider introducing a "one to one" search mode by including an additional identification, for example, using ECB standard access badges together with the upgraded IrisAccess 4000. At a later stage, consider changing to a "one to one" search mode where biometric data would be stored in chips rather than in a central database;
- Shorten the deadline for the storage of audit trail data which reveals whether an individual accessed or tried to access the areas controlled by the system;
- Amend the privacy statement as recommended in the Opinion.