The European Union’s institutional data protection watchdog has voiced ‘critical concerns’ about the European Parliament’s plans to install a biometric register that will allow EU lawmakers to collect their daily allowance and sign in for hearings on the Brussels premises.
In its written opinion on the plans, published on Monday (29 March), the European Data Protection Supervisor (EDPS), says its analysis has “shown some critical concerns that need to be addressed,” including the legal basis of the project and the need for Parliament to further explain the necessity of processing special categories of personal data.
Last year, the system was approved by the Bureau of the European Parliament, a body that lays down rules for Parliament, composed of a cross-section of MEPs from leading political groups, who backed plans for introducing the ‘biometric central attendance register,’ that would scan fingerprints to register members’ attendance.
However, the EPDS wants Parliament to explore alternative options for registering members’ attendance that “would not require the use of sensitive data.”
The body also states that should Parliament go ahead with the proposals, additional safeguards would have to be put in place to protect the data subject’s rights and legitimate interests, and the principle of data minimisation as outlined in the EU’s General Data Protection Regulation should be preserved.
The original plans to install a biometric attendance system go back to June 2019, when Parliament’s Bureau endorsed measures to develop a computerised system for the digitalisation of the central attendance registry, through biometric technology.
An earlier system for recording MEPs’ attendance had been trailed based on the registration of Parliamentary badges, but the results were deemed not to have been optimal by Parliament’s bureau because “the identification of the holder of the badge could not be guaranteed”.
The current project was presented to the Bureau last September by Parliament’s Directorate-General for Finance, the department responsible for managing the budget.
EURACTIV understands that an internal data protection impact assessment was conducted, but has to date remained closely guarded, despite consecutive freedom of information (FOI) requests.
One lawmaker who has faced obstacles in gaining more information on the project is Pirate MEP Patrick Breyer, who, as part of a recent FOI submission, was denied access to key documents that would shine a light on the data protection protocols put in place to ensure the security of the new system.
However, one document that was released showed that Parliament has an outlay of more than €100,000 to spend on the biometric register project, a fact which Breyer highlighted this week in disapproval.
“We shall not allow large-scale processing of biometrics to become a new normality,” he said in a written statement. “Also in times of a pandemic and in view of the financial sufferings of many citizens, we should know many more pressing needs for spending this much money.“
[Edited by Zoran Radosavljevic]