Received: 2022-11-11 | Accepted: 2023-02-08 | Published: 2023-03-30
Title
The use of biometric technologies in ensuring critical infrastructure security: the context of protecting personal data
Abstract
The article examines aspects of the use of biometric technologies and the protection of personal data as it relates to the protection of critical infrastructure in the state. The use of biometric technologies for the protection of critical infrastructure is examined in this article through employee identification to establish the identity of employees unequivocally, for example, when entering such infrastructure facilities. The EU General Data Protection Regulation (GDPR) sets specific conditions for processing biometric data. Still, the relevant data controllers often have problems finding the appropriate basis for processing, especially in the context of GDPR Article 9. The authors, having examined the conditions for the processing of biometric data, propose introducing a particular legal framework for the processing of biometric data as far as it relates to the protection of critical infrastructure.
Keywords
General Data Protection Regulation, data protection, biometric technologies, protection of critical infrastructure, processing of biometric data, identification, legal regulation
JEL classifications
J53, J58
URI
http://jssidoi.org/jesi/article/1058
DOI
Pages
133-150
Funding
This article was funded by the European Union’s Rights, Equality and Citizenship Programme (2014-2020)
This is an open access issue and all published articles are licensed under a Creative Commons Attribution 4.0 International License