ESC
Clarivate

 
Source: Journal Citation ReportsTM from ClarivateTM 2022

Entrepreneurship and Sustainability Issues Open access
Journal Impact FactorTM (2022) 1.7
Journal Citation IndicatorTM (2022) 0.42
Received: 2022-11-11  |  Accepted: 2023-02-08  |  Published: 2023-03-30

Title

The use of biometric technologies in ensuring critical infrastructure security: the context of protecting personal data


Abstract

The article examines aspects of the use of biometric technologies and the protection of personal data as it relates to the protection of critical infrastructure in the state. The use of biometric technologies for the protection of critical infrastructure is examined in this article through employee identification to establish the identity of employees unequivocally, for example, when entering such infrastructure facilities. The EU General Data Protection Regulation (GDPR) sets specific conditions for processing biometric data. Still, the relevant data controllers often have problems finding the appropriate basis for processing, especially in the context of GDPR Article 9. The authors, having examined the conditions for the processing of biometric data, propose introducing a particular legal framework for the processing of biometric data as far as it relates to the protection of critical infrastructure.


Keywords

General Data Protection Regulation, data protection, biometric technologies, protection of critical infrastructure, processing of biometric data, identification, legal regulation


JEL classifications

J53 , J58


URI

http://jssidoi.org/jesi/article/1058


DOI


Pages

133-150


Funding

This article was funded by the European Union’s Rights, Equality and Citizenship Programme (2014-2020)

This is an open access issue and all published articles are licensed under a
Creative Commons Attribution 4.0 International License

Authors

Štitilis, Darius
Mykolas Romeris University, Vilnius, Lithuania https://www.mruni.eu
Articles by this author in: CrossRef |  Google Scholar

Laurinaitis, Marius
Mykolas Romeris University, Vilnius, Lithuania https://www.mruni.eu
Articles by this author in: CrossRef |  Google Scholar

Verenius, Egidijus
State Data Protection Inspectorate, Vilnius, Lithuania https://vdai.lrv.lt
Articles by this author in: CrossRef |  Google Scholar

Journal title

Entrepreneurship and Sustainability Issues

Volume

10


Number

3


Issue date

March 2023


Issue DOI


ISSN

ISSN 2345-0282 (online)


Publisher

VšĮ Entrepreneurship and Sustainability Center, Vilnius, Lithuania

Cited

Google Scholar

Article views & downloads

HTML views: 1801  |  PDF downloads: 452

References


Abuelsamid, S. (2019). Digital voice assistants are the future of in-vehicle control, Automotive World https://www.automotiveworld.com/articles/digital-voice-assistants-are-the-future-of-in-vehicle-control/

Search via ReFindit


Act CCXXII of 2015 on the General Rules for Trust Services and Electronic Transactions, Section 35, https://net.jogtar.hu/jogszabaly?docid=a1500222.tv

Search via ReFindit


Act I of 2004 on the Sport, Sections 72, 72A, 72B, https://net.jogtar.hu/jogszabaly?docid=a0400001.tv

Search via ReFindit


Act I of 2012 on the Labour Code, Section 11, http://www.ommf.gov.hu/letoltes.php?d_id=8133

Search via ReFindit


Act No 483/2001 on Banks and on Amendments to Certain Acts, Section 93a (2), 483/2001 Z.z. - Zákon o bankách a o zmene a doplnen... - SLOV-LEX

Search via ReFindit


Act No 541/2004 on Peaceful Use of Nuclear Energy (the Atomic Act), Section 26 (6) and (7), 541/2004 Z.z. - Zákon o mierovom využívaní jadrovej... - SLOV-LEX

Search via ReFindit


Australian Government, Federal Register of Legislation, n.d. https://www.legislation.gov.au/Series/C2004A03712

Search via ReFindit


Backman, P., & Kennedy, C, n.d. Biometric Identifications and Privacy Concerns: A Canadian Perspective, https://www.airdberlis.com/docs/default-source/articles/biometric-identification-and-privacy-concerns.pdf?s

Search via ReFindit


Baggott, S., & Santos, J. (2020). A Risk Analysis Framework for Cyber Security and Critical Infrastructure Protection of the U.S. Electric Power Grid. Risk Analysis, 40(9), 1744-1761. . P. 1751 https://doi.org/10.1111/risa.13511

Search via ReFindit


Bloomberglaw. 2021. The Evolution of Biometric Data Privacy Laws. https://pro.bloomberglaw.com/brief/biometric-data-privacy-laws-and-lawsuits/

Search via ReFindit


Cavoukian, A., & Snijder, M.A. (2009). Discussion of Biometrics for Authentication Purposes: The Relevance of Untraceable Biometrics and Biometric Encryption, Information and Privacy Commissioner of Ontario, July 2009 https://doi.org/10.1007/978-3-642-12595-9_3

Search via ReFindit


Chan, H. L., Kuo, P. C., Cheng, C. Y., & Chen, Y. S. (2018). Challenges and future perspectives on electroencephalogram-based biometrics in person recognition. Frontiers in neuroinformatics, 12, 66. https://doi.org/10.3389/fninf.2018.00066

Search via ReFindit


Cleary Gottlieb Steen & Hamilton LLP. (2022). Cyber Incident Reporting for Critical Infrastructure Act Signed into Law, 18 March 2022, https://www.clearygottlieb.com/news-and-insights/publication-listing/cyber-incident-reporting-for-critical-infrastructure-act-signed-into-law

Search via ReFindit


Code regarding the protection of personal data, containing provisions for the adaptation of national law to (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, Article 2-septies, . https://www.garanteprivacy.it/documents/10160/0/Codice+in+materia+di+protezione+dei+dati+personali+%28Testo+coordinato%29

Search via ReFindit


Commission for Personal Data Protection, Bulgaria, https://www.cpdp.bg/

Search via ReFindit


Data Protection Commission, 2020 Annual Report, p 25, . https://www.dataprotection.ie/sites/default/files/uploads/2021-05/DPC%202020%20Annual%20Report%20%28English%29.pdf

Search via ReFindit


Dauda, S. Y., & Lee, J. (2015). Technology adoption: A conjoint analysis of consumers׳ preference on future online banking services. Information Systems, 53, 1-15. https://doi.org/10.1016/j.is.2015.04.006

Search via ReFindit


Economist. (2022). Which countries have pledged the most support to Ukraine?, 2 May 2022 (updated 15 June 2022), https://www.economist.com/graphic-detail/2022/05/02/which-countries-have-pledged-the-most-support-to-ukraine

Search via ReFindit


European Data Protection Board, Guidelines 3/2019 on processing of personal data through video devices, 29 January 2020, p 18, https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_201903_video_devices_en_0.pdf

Search via ReFindit


Global biometric system market revenue in 2020 and 2025, https://www.statista.com/statistics/1048705/worldwide-biometrics-market-revenue/

Search via ReFindit


Global Biometrics Market Report 2021: Market to Reach $44.1 Billion by 2026 - Increasing Significance of Biometrics Technology in Facilitating Contactless Passenger Journey Post-COVID-19 Pandemic, Research and Markets, 11 November 2021. https://doi.org/10.1016/j.fopow.2021.10.039

Search via ReFindit


Guidelines 05/2020 on consent under Regulation 2016/679, European Data Protection Board, https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_lt_0.pdf

Search via ReFindit


Healthcare: Global Market Trends for Biometrics. (2020). Global Biometrics in Healthcare Market, Forecast to 2024, https://www.panacearesearch.eu/watch/healthcare-global-market-trends-biometrics

Search via ReFindit


Hernández, A. (2020). Facial recognition in times of pandemic, Mobbeel https://www.mobbeel.com/en/blog/facial-recognition-in-times-of-pandemic/

Search via ReFindit


i-SCOOP, n.d. Facial recognition 2021 and beyond – trends and market https://www.i-scoop.eu/facial-recognition/

Search via ReFindit


Ian Commins. (2021). Using Biometrics: What’s the status in Australia, Privacy108. https://privacy108.com.au/insights/using-biometrics-in-australia/

Search via ReFindit


IAPP. (2021). Canadian authorities determine facial recognition firm violated privacy laws, https://iapp.org/news/a/canadian-authorities-determine-facial-recognition-firm-violated-privacy-laws/

Search via ReFindit


Identity verification market revenue from 2017 to 2027. (2022). https://www.statista.com/statistics/1036470/worldwide-identity-verification-market-revenue/

Search via ReFindit


Injunction Order against the Provincial Health Authority of Enna, 14 January 2021, No 9542071, . https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9542071

Search via ReFindit


Kindt, E. J. (2018). Having yes, using no? About the new legal regime for biometric data. Computer Law & Security Review, 34(3), 523-538. https://doi.org/10.1016/j.clsr.2017.11.004

Search via ReFindit


Kruszka L., Klósak M., & Muzolf, P. (2019). Critical Infrastructure Protection. NATO Science for Peace and Security series ? https://www.nato.int/cps/en/natohq/topics_168104.htm

Search via ReFindit


Lithuanian DPA: Fine Imposed on a Sports Club for Infringements of the GDPR in Processing of Fingerprints of the Customers and Employees. EDPB (2021). . https://edpb.europa.eu/news/national-news/2021/lithuanian-dpa-fine-imposed-sports-club-infringements-gdpr-processing_en

Search via ReFindit


LogRhythm. (2022). The state of the Security Team https://logrhythm.com/the-state-of-the-security-team/

Search via ReFindit


Lomas, N. (2021). Clearview AI told it broke Australia’s privacy law, ordered to delete data. November 3, 2021. https://techcrunch.com/2021/11/03/clearview-ai-australia-privacy-breach/

Search via ReFindit


Maglaras, L., Janicke, H., & Mohamed, A.F. (2022). Cybersecurity of Critical Infrastructures: Challenges and Solutions. Sensors, 22(14), 5105. https://doi.org/10.3390/s22145105

Search via ReFindit


MarketsandMarkets. 2022. Digital Signature Market by Component (Solutions and Services), Solution (Software and Hardware), Deployment Mode, Organization Size, Vertical (BFSI, Government, Healthcare and Life Sciences, Legal, Real Estate), and Region - Global Forecast to 2026 https://www.marketsandmarkets.com/Market-Reports/digital-signature-market-177504698.html?gclid=Cj0KCQjw3v6SBhCsARIsACyrRAmnKS9FjerLH2wwgfS79RwX1bT5WCqAAQmF62H3iw6mPUE_-6kraW0aAsYFEALw_wcB

Search via ReFindit


Meden, B., Rot, P., Terhörst, P., Damer, N., Kuijper, A., Scheirer, W. J., ... & Štruc, V. (2021). Privacy–enhancing face biometrics: A comprehensive survey. IEEE Transactions on Information Forensics and Security, 16, 4147-4183. https://doi.org/10.1109/TIFS.2021.3096024

Search via ReFindit


National Cybersecurity Strategy Good Practice, n.d. part 5.4, https://ncsguide.org/the-guide/good-practice/

Search via ReFindit


Noguchi M., & Ueda H. (2021). An Analysis of the Actual Status of Recent Cyberattacks on Critical Infrastructures. NEC Technical Journal, 16 https://www.nec.com/en/global/techrep/journal/g17/n02/170204.html

Search via ReFindit


North-Samardzic, A. (2020). Biometric technology and ethics: Beyond security applications. Journal of Business Ethics, 167(3), 433-450. https://doi.org/10.1007/s10551-019-04143-6

Search via ReFindit


Office of the Australian Information Commissioner (OAIC), 2022. Biometric scanning https://www.oaic.gov.au/privacy/your-privacy-rights/surveillance-and-monitoring/biometric-scanning

Search via ReFindit


Paganini, P. (2015). Cyber-Attack on Worldwide Nuclear Facilities, Infosec, https://resources.infosecinstitute.com/topic/cyber-attack-on-nuclear-facilities-worldwide-do-not-underestimate-the-risks/

Search via ReFindit


PANACEA, n.d. (Protection and privacy of hospital and health infrastructures with smArt Cyber sEcurity and cyber threat toolkit for data and people), https://www.panacearesearch.eu/

Search via ReFindit


Pascu, L. (2020). Biometric facial recognition hardware present in 90% of smartphones by 2024, Biometric Update, 7 January 2020, https://www.biometricupdate.com/202001/biometric-facial-recognition-hardware-present-in-90-of-smartphones-by-2024

Search via ReFindit


Privacy Handbook, B.C. (2015). Civil Liberties Association https://bccla.org/privacy-handbook/main-menu/privacy5contents/privacy5-13.html

Search via ReFindit


Procedimiento Nº: PS/00010/2021 https://www.aepd.es/es/documento/ps-00010-2021.pdf

Search via ReFindit


Psychology of Passwords: Expanded Digital Lives and Password (Mis)behaviors, LogMeIn, Inc., 2022, https://www.lastpass.com/-/media/9FE0BF5DC473413B8AB4DF3BD8688295.pdf

Search via ReFindit


Quinn, P. (2021). Research under the GDPR – a level playing field for public and private sector research? Life Sciences, Society & Policy, 17(1), 1-34. https://doi.org/10.1186/s40504-021-00111-z

Search via ReFindit


Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), Article 9(2)(g), https://eur-lex.europa.eu/legal-content/LT/TXT/?uri=celex%3A32016R0679

Search via ReFindit


Relying on vendor mechanisms processing the biometric data for strong customer authentication; Multiple fingerprint samples stored on a mobile device and used for purpose of user authentication, EBA, 2019, https://www.eba.europa.eu/single-rule-book-qa/-/qna/view/publicId/2019_4651

Search via ReFindit


Report on existing remote on-boarding solutions in the banking sector: Assessment of risks and associated mitigating controls, including interoperability of the remote solutions - December 2019, European Commission Directorate-General for Financial Stability, Financial Services and Capital Markets Union European Commission, https://ec.europa.eu/info/sites/default/files/business_economy_euro/banking_and_finance/documents/report-on-existing-remote-on-boarding-solutions-in-the-banking-sector-december2019_en.pdf

Search via ReFindit


Robb, D. (2022). The Future of Biometrics in the Workplace, SHRM, 22 February 2022, . https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/the-future-biometrics-workplace.aspx

Search via ReFindit


Roshanaei, M. (2021). Resilience at the Core: Critical Infrastructure Protection Challenges, Priorities and Cybersecurity Assessment Strategies. Journal of Computer and Communications, 9(8). http://doi.org/10.4236/jcc.2021.98006

Search via ReFindit


Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure, Cybersecurity & Infrastructure Security Agency, 20 April 2022, https://www.cisa.gov/uscert/ncas/alerts/aa22-110a

Search via ReFindit


Serrano, F., & Kazda, A. (2020). The future of airports post COVID-19. Journal of Air Transport Management, 89, 101900. https://doi.org/10.1016/j.jairtraman.2020.101900

Search via ReFindit


Smith, M., & Miller, S. (2022). The ethical application of biometric facial recognition technology. Ai & Society, 1-9. https://doi.org/10.1007/s00146-021-01199-9

Search via ReFindit


Statista. (2019). Facial recognition market size worldwide in selected years from 2019 to 2028, https://www.statista.com/statistics/1153970/worldwide-facial-recognition-revenue/

Search via ReFindit


Statista. (2023). Market share of smartphone fingerprint recognition solutions by technology from 2018 to 2022, https://www.statista.com/statistics/1003600/smartphone-fingerprint-recognition-technology-share/

Search via ReFindit


Statista. (2023). Voice recognition market size worldwide in 2020 and 2026, https://www.statista.com/statistics/1133875/global-voice-recognition-market-size/

Search via ReFindit


Swedish Authority for Privacy Protection 20 August 2019 decision Ref. No DI-2019-2221, . https://www.imy.se/globalassets/dokument/beslut/facial-recognition-used-to-monitor-the-attendance-of-students.pdf

Search via ReFindit


The National Supervisory Authority for Personal Data Processing. 2018 Annual Activity Report, pp. 15-17, . https://www.dataprotection.ro/servlet/ViewDocument?id=1757

Search via ReFindit


The Office of the Australian Information Commissioner (OAIC), Australian Community Attitudes to Privacy Survey 2020, September 2020. https://www.oaic.gov.au/engage-with-us/research/australian-community-attitudes-to-privacy-survey-2020-landing-page/2020-australian-community-attitudes-to-privacy-survey

Search via ReFindit


The Office of the Australian Information Commissioner (OAIC), Clearview AI breached Australians’ privacy, 3 November 2021. https://www.oaic.gov.au/updates/news-and-media/clearview-ai-breached-australians-privacy

Search via ReFindit


Tvaronavičienė M., Plėta T., Beretas, C., Lelešienė, L. (2022). Analysis of the critical infrastructure cyber security policy. Insights into Regional Development, 04(01), 26–39. . p. 1. https://doi.org/10.9770/IRD.2022.4.1(2)

Search via ReFindit


Van Canneyt, T. (2019). The use of biometric data in an employment context https://www.fieldfisher.com/en/services/privacy-security-and-information/privacy-security-and-information-law-blog/the-use-of-biometric-data-in-an-employment-context

Search via ReFindit


Van Natta, M., Chen, P., Herbek, S., Jain, R., Kastelic, N., Katz, E., ... & Vattikonda, N. (2020). The rise and regulation of thermal facial recognition technology during the COVID-19 pandemic. Journal of Law and the Biosciences, 7(1), lsaa038. https://doi.org/10.1093/jlb/lsaa038

Search via ReFindit


Weinberg, A. (2021). Analysis of top 11 cyber attacks on critical infrastructure https://www.firstpoint-mg.com/blog/analysis-of-top-11-cyber-attackson-critical-infrastructure/

Search via ReFindit


Wendehorst, C., & Duller, Y. (2021). Biometric Recognition and Behavioural Detection: Assessing the ethical aspects of biometric recognition and behavioural detection techniques with a focus on their current and future use in public spaces, Policy Department for Citizens’ Rights and Constitutional Affairs EN Directorate-General for Internal Policies PE 696.968, 696968_EN.pdf https://www.europarl.europa.eu/RegData/etudes/STUD/2021/696968/IPOL_STU(2021)

Search via ReFindit


Zimmerman, H. (2017). The data of you: Regulating private industry's collection of biometric information. U. Kan. L. Rev., 66, 637.

Search via ReFindit