• Home /
• Analyses /
• 2018 /
• Fingerprints in identity cards: unnecessary and unjustified

Fingerprints in identity cards: unnecessary and unjustified

Topic

Country/Region

11 June 2018

In order to facilitate free movement within the EU, the introduction of some mandatory EU-wide standards for identity cards may well be justified – but the proposal to fingerprint 175 million people as part of that is irrelevant and unjustified, and should be rejected by the European Parliament and the Council when they begin discussing the Commission’s proposals on standardising national identity cards.

Introduction: biometric enthusiasm

The increasing use of biometric technology by both public and private institutions is impossible to ignore: from India’s colossal experiment with a national identity database^[1] and other government-mandated biometric identity schemes,^[2] to attempts to introduce fingerprint authentication for payment cards and facial recognition for entry to concerts,^[3] the development of new means of automatically identifying individuals based on supposedly unique and unchanging physical traits is proceeding rapidly.

The European Union (EU) is no stranger to these novelties. EU institutions and Member State governments have for years been enthusiastic in deploying and developing new biometric technologies, particularly through large-scale databases: Eurodac, the Visa Information System, the Schengen Information System and the recently-approved Entry/Exit System, all of which will have the biometric and biographical data they hold merged in a ‘Central Identity Repository’ if the ongoing “interoperability” proposals are agreed.^[4] In 2004 the bloc introduced mandatory biometric passports,^[5] while a swathe of research projects over the last decade have incorporated or examined biometrics in one way or another.^[6]

The latest in this long line of initiatives appeared in mid-April, with the European Commission’s publication of a proposal calling for the mandatory inclusion of biometrics (two fingerprints and a facial image) in all EU Member States’ identity cards.^[7] The proposal also includes a number of other measures that require critical attention;^[8] however, this analysis is solely concerned with the provisions concerning identity cards for EU nationals issued by EU Member States, and in particular the proposal to make the inclusion of fingerprints in those cards mandatory.

What’s the problem?

The Commission’s impact assessment sets out three main problems:

1. Insufficient acceptance of ID and residence documents in another Member State;
2. Document fraud and lack of authentication of ID and residence documents;
3. Complexity of issuance and administration of ID and residence documents.

The consequences of these problems for different “stakeholders” are then listed. For EU citizens:

• Burden and cost for mobile EU citizens and their family members (“mobile EU citizens” being those “who have exercised their right to freely move and reside within the EU”);
• Burden and cost for EU citizens and their family members when travelling; and
• Intra-EU mobility more difficult or expensive.

For public authorities:

• Threat to the security of the EU and its Member States; and
• Burdensome and costly administrative procedures.

This last point is also highlighted as a problem for the private sector.

An annex to the proposal provides further details on the problems and their consequences.^[9] With regard to security concerns, it highlights the use of fraudulent documents to enter the EU and detections of fraudulent documents used by non-EU nationals within the EU. In recent years the former has declined, while the latter has increased, although obviously statistics are only available on those documents detected by the authorities – as the annex states, the decline “could also be due to border guards being overwhelmed with the influx of irregular migrants and thus incapable of carrying out document checks systematically.”

Aims and scope of the proposal

With these problems in mind, the Commission aims to ensure “the security of travel documents and identity documents,” which it is foreseen will have two key benefits: “improve security within the EU and its borders,” and to “facilitate and promote the EU citizens’ and their family members’ right to move and reside freely within the EU.”^[10] It follows various high-level political statements on document security^[11] and follows in the footsteps of a number of other EU measures.^[12]

The proposal’s legal basis is Article 21 of the Treaty on the Functioning of the EU, concerning the free movement of EU citizens. Thus the primary objective of the measure is to facilitate free movement. The security objective is corollary to this, although it served to provide the headline when the Commission published the measures. The proposal was announced as part of a package billed as “denying terrorists the means to act,”^[13] and the accompanying summary underlines the contribution to “building genuine Security Union.”^[14]

Interestingly, the authors of a study carried out for the Commission highlighted the efficacy of security-based arguments in generating “political will for change” (emphasis added):

“our sense is that for national authorities it is the security aspect of harmonisation of ID cards and residence documents that tends to drive the debate with the arguments linked to facilitating free movement playing a secondary (but still very important) role, especially for citizens’ groups and the private sector.”^[15]

The foreseen rules would not oblige Member States to introduce any kind of national identity card – rather, it concerns those states that already issue such cards, whether they are compulsory or not (Annex I to this analysis contains an overview of the current situation in the Member States).^[16] Nor do the proposals foresee the establishment of any kind of database, either at EU or national level^[17] - although Member States may of course take the opportunity provided by the introduction of biometrics to establish national-level databases,^[18] which would in turn likely appear appetising for “linking up” under the interoperability initiative.^[19]

Despite these limits to the scope of the proposal, some 370 million people would be affected by it – almost 85% of the EU’s 440 million citizens. Those 370 million people are all the EU’s “potential ID card holders”, 175 million of whom would be subject to a new obligation to provide fingerprints for ID cards.[20] The remaining 195 million, who are already under such an obligation according to existing national law, would also be affected by the new measures – once introduced at EU level there would be no way to reverse requirements for fingerprints in ID cards through national measures alone.

Fingerprints: necessity and proportionality not demonstrated

Measures to enhance peoples’ ability to move freely within the EU and that genuinely seek to address terrorism and organised crime are, in principle, to be welcomed. However, there is no link between these two aspirations and the compulsory fingerprinting of 85% of the EU population. Even if there were, such a proposal would no doubt remain undesirable to many^[21] and in any case, the onus is on the European Commission to justify the necessity and proportionality of any proposed infringement on fundamental rights.^[22] As explained below, the impact assessment itself recognises that there is no such justification – yet the Commission decided, without any substantive reasoning, to ignore this in its legislative proposal.

The impact assessment refers to the Schwarz case, which was heard by the Court of Justice in 2012. Here, the court ruled that the mandatory inclusion of fingerprints in passports is justified in order “to prevent, inter alia, illegal entry into the European Union.”^[23] The impact assessment considers that:

“Under options ID 2) and ID 3) citizens will be required to provide their fingerprints when ID cards are requested. This obligation interferes with the fundamental rights to privacy and data protection. While in the Schwarz case the CJEU held that the interference with regard to passports is proportionate to the objective of maintaining security, in the context of ID cards the threshold for satisfying the necessity test may be higher, because ID cards are compulsory in some Member States in which fingerprints are not currently collected.”^[24] [emphasis added in all quotes

This is expanded upon elsewhere in the impact assessment:

“given that the ID cards serve more purposes than crossing the border and given the different traditions in Member States for the use of ID cards, it is not self-evident that the same conclusion [as in the Schwarz case] could be drawn.”^[25]

Thus, the impact assessment concluded that the policy option known as ID 1) was preferable:

“Although less effective than ID 2) [an option including mandatory fingerprinting], it is more efficient and proportional. ID 1) also address all specific objectives satisfactorily and leaves the Member States as much scope as possible for national decisions about a document that they regard as an ‘expression of the identity of their country’.”

The options set out in the Commission’s assessment are largely based on those examined in an extensive study carried out by the Centre for Strategy and Evaluation Services (CSES) between February 2016 and May 2017, which reached largely the same conclusions and “found little support among key stakeholders for going beyond [the preferred option], at least in the near future.”

The authors noted:

“We believe the preferred option strikes the right balance between not being too intrusive as regards different national approaches to ID and residence documents, and thereby respecting the principles of proportionality and subsidiarity, whilst also giving due consideration to making life easier for EU citizens and tackling security concerns that might otherwise not be addressed.”^[26]

The impact assessment sets out the measures that would be introduced by the preferred option:

“Firstly, it is required that the ID or identity card should actually be named as such (rather than other terms currently used in some Member States). Secondly, Member States shall require that ID cards are regularly renewed for security reasons. A maximum validity period of 10 years for ID cards is proposed (except where under national law facilitation for a specific age group is foreseen, i.e. senior citizens…).

This option also includes adopting a format with some common features such as the information on the card and minimum security features… Member States can however freely choose the colour of the ID card. Given the key objective to improve the security of ID cards as travel documents, a mandatory RFID chip including biometrics (facial image mandatory, fingerprints optional) is proposed.”^[27]

Yet at some point this conclusion was pushed aside, and a decision was made in favour of the mandatory inclusion of fingerprints. The Commission’s explanatory memorandum states:

“Mandatory fingerprints were added to the preferred option for identity cards in order to further increase effectiveness in terms of security. The inclusion of two biometric identifiers (facial image, fingerprints) will improve the identification of persons and align the level of document security of identity cards of EU citizens and residence cards issued to third country family members to the standards of, respectively, passports issued to EU citizens and residence permits issued to third country nationals who are not family members of EU citizens).”^[28]

This is the only attempt to justify this infringement of the right to privacy (aside from rather generic statements warning that poor document security “hampers the free movement of citizens and undermines security within borders”), and while it outlines the alleged effects of the proposed measure, it does not demonstrate its necessity or proportionality.

When asked by Statewatch by email for the reasoning behind the mandatory fingerprinting measures, the Commission responded by quoting the proposal. There has been no argument to suggest that the inclusion of fingerprints in identity cards is necessary or proportionate for the purpose of facilitating free movement – the primary objective of the measure and which serves as the proposed legal basis.

With regard to data protection, the proposal foresees a strong regime – for example, there will be no exemptions from any of the EU’s data protection rules, and the proposal explicitly prohibits Member States using the measures as a legal basis for national databases. Nevertheless, the mandatory inclusion of fingerprints would appear to run counter to the data minimisation principle, given that no evidence is presented to demonstrate the necessity of the data-gathering and processing in the first place.

The European Data Protection Supervisor, in a ‘toolkit’ on necessity designed “to help assessment of compliance of proposed measures with EU law on data protection”, stated that:

“Necessity implies the need for a combined, fact-based assessment of the effectiveness of the measure for the objective pursued and of whether it is less intrusive compared to other options for achieving the same goal.”^[29]

Such an assessment is precisely what was undertaken in the CSES study and the Commission’s impact assessment, but it seems demands for more ‘security’ have been given priority. If there is a reasoned case to be made for the mandatory inclusion of fingerprints in the identity cards of EU Member States, that case has not yet been made. Whether the Council and the Parliament will choose to take note of the proposal’s failure to justify one of its most contentious aspects remains to be seen.

Political backing

The proposal cites previous policy documents, such as Council conclusions, as providing the political impetus for the proposals, although none of these explicitly call for the inclusion of biometrics in identity documents.^[30] Indeed, a number of Member States are apparently not convinced of the need for any EU legal measures on identity documents:

“There are very mixed views on the scope for action at the EU level to promote harmonisation of ID cards. For instance, some of the national authorities (primarily Ministries of Interior in AT, CZ, HR, DK, NL, MT and PL) explicitly stated they did not see the necessity of a legislative measure on ID cards. In contrast, national authorities in some other countries (e.g. CY and EE) advocated EU measures to lay down minimum requirements with regard to key security features and the inclusion of biometrics to help prevent fraud.”^[31]

The question thus arises whether those Member States that “do not see the necessity of a legislative measure on ID cards” will, at the very least, oppose the more intrusive elements of the proposals when they are discussed in the Council.

The Commission also carried out a public consultation, which is summarised in an annex to the impact assessment but whose results are yet to be published in full. Almost 400 responses were received from EU citizens. Of those:

“a large majority wants strong (155 respondents) or even the strongest possible (141 respondents) security features to reduce the risk of fraud. Only 22 believe that strong security features are not essential to reduce the risk.”

However, given the apparent phrasing of the consultation,^[32] it has to be questioned whether referring explicitly to biometric security features – rather than simply “strong” or “the strongest” security features – would have elicited different responses.

Conclusion

As noted in a study on national identity schemes around the world: “The ability to formally identify oneself has increasingly become integral to many aspects of civic participation and inclusion.”^[33] This is equally the case in the EU, given the possibility for citizens of the bloc to move freely across its internal borders. In order to make this process easier, the introduction of some mandatory EU-wide standards for identity cards may well be justified – but the proposal to fingerprint 175 million people as part of that process is irrelevant and unjustified, and should be rejected by the European Parliament and the Council when they begin discussing the Commission’s proposals.

Chris Jones

Annex 1: ID documents and their features issued to individuals in Member States [1]

Country	Machine readable zone (MRZ) [2]	Chip	Biometrics		eID			Validity regime (in yrs)
P A P E R   C A R D
Greece [3]	No	No	No		No			15
Italy [4]	No	No	No		No			10 (18yrs+) 5 (minors) 3 (minors <3yrs)
L A M I N A T E D   P A P E R
France	No	No	No		No			15 (adults 18+) 10 (minors)
Romania [5]	Yes	No	No		No			Indefinite (55yrs+) 10 (25-54yrs) 7 (18-24yrs) 4 (minors 14-17yrs)
P L A S T I C   C A R D
Austria	Yes	No	No		No			10 (12yrs or older); 5 (minors 2-12yrs); 2 (minors 0-2yrs)
Belgium	Yes	Contact chip	IM, FP [6]		Yes			30 (over 75yrs) 10 (adults); 6 (minors 12-18yrs)
Bulgaria [7]	Yes	Contactless [8]	IM, FP		Yes			Indefinite (58yrs plus); 10 (18-57yrs); 4 (14-17yrs)
Croatia	Yes	Contact chip [9]	No		Yes			5
Cyprus	Yes	Contactless	IM, FP		No			10 (18yrs plus) 5 (minors)
Czech Republic	Yes	Contact chip	No		Yes (in preparation)			35 (over 70yrs) 10 (adults 15-70yrs) 5 (0-15yrs)
Estonia	Yes	Contact chip	No [10]		Yes			5 (or 1 yr card with no biometric data)
Finland	Yes	Contact chip	No		Yes			5
Germany	Yes	Contactless	IM, FP (optional)		Yes			10 (adults 24yrs+) 6 (under 24yrs)
Hungary	Yes	Contactless	IM, FP (on request)		Yes			Indefinite (over 65) 6 (18yrs+) 3 (minors)
Ireland	Yes	Contactless	IM		No			5 years
Italy [4]	Yes	Contactless	IM, FP		No			10 (18yrs+) 5 (minors) 3 (minors <3yrs)
Latvia	Yes	Both	IM, FP		Yes			5 (5yrs+) 2-5 (0-4yrs)
Lithuania	Yes	Both	IM, FP		Yes			10 (16yrs+) 5 (under 16yrs)
Luxembourg	Yes	Contactless	IM		Yes			10 (16yrs+) 5 (4-15yrs) 2 (0-3yrs)
Malta	Yes	Contact chip	No		Yes			10
Netherlands	Yes	Contactless	IM		Yes			10 (18yrs+) [11] 5 (minors)
Poland	Yes	No [12]	No		No			10 (18yrs+) 10 (minors 5yrs+) 5 (minors 0-4yrs)
Portugal	Yes	Contact chip	IM, FP		Yes			5
Slovakia	Yes	Contact chip	No		Yes			10 (indefinite for those over 60yrs)
Slovenia	Yes	No	No		No			Indefinite (70yrs+) 10 (18-70yrs) 5 (3-17yrs) 3 (0-2yrs)
Spain	Yes	Both	IM, FP		Yes			Indefinite (>70yrs) 10 (30-69yrs) 5 (5-29yrs) 2 (minors 0-4yrs)
Sweden	Yes	Contact chip	IM		No			5
Source: Table 2.2, Annex 5, European Commission impact assessment, pp.104-5 Legend:  IM: facial image, FP: fingerprint
[1] Note: DK and UK do not issue ID cards.
[2] According to ICAO.
[3] Based on reports the legislation will be enacted in 2017 followed by an open tendering process. Issuance of the new ID card may start in 2019.
[4] From April 2017, 549  communes  have started  to deliver a plastic card, covering  around  50% of the population (more than 7600 communes in IT)
[5] Romania is currently in the process of introducing an electronic ID card including biometrics accessible through a contactless chip.
[6] Ministerial decision from 14/5/2017, yet to be implemented, from 2019 (no database).
[7] New card will be introduced in 2018 which is taken into account in the present table.
[8] Contactless chip can be wirelessly accessed.
[9] With iris print.
[10] There is a connection to a database where biometric facial images are stored.
[11] For cards first issued 09.03.2014. Two previous ID card models are still in circulation. (1) NLD-BO-03001: card first issued 09.10.2011. Valid maximum 5 years, not valid after 08.03.2019. (2) NLD-BO-02001: card first issued 26.08.2006. Not valid after 08.10.2016.
[12] We are awaiting confirmation on the precise capabilities of the current PL ID card.

 

Endnotes

[1] Padmaparna Ghosh, ‘What Is It Like To Live In The World’s Biggest Experiment In Biometric Identity?’, Huffington Post, 13 February 2018, http://www.huffingtonpost.in/2018/02/13/what-is-it-like-to-live-in-the-world-s-biggest-experiment-in-biometric-identity_a_23359983/

[2] International Telecommunication Union, ‘Review of National Identity Programs’, 2016, http://statewatch.org/news/2018/feb/itu-review-of-national-identity-programmes-2016.pdf

[3] Matt Burgess, ‘Your next bank card will have a fingerprint scanner built-in’, Wired, 2 May 2018, http://www.wired.co.uk/article/mastercard-biometric-card-testing-visa-gemalto-scanner-fingerprint-trial; Lawrence Abrams, ‘Ticketmaster To Use Facial Recognition In Place of Tickets for Venue Entry’, Bleeping Computer, 7 May 2018, https://www.bleepingcomputer.com/news/business/ticketmaster-to-use-facial-recognition-in-place-of-tickets-for-venue-entry/

[4] ‘"Interoperability": Plans to link all Justice & Home Affairs databases into one centralised system’, Statewatch News Online, 17 December 2017, http://www.statewatch.org/news/2017/dec/eu-com-introp-central-databses.htm

[5] ‘Integration of biometric features in passports and travel documents’, EUR-Lex, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=LEGISSUM:l14154

[6] See the report ‘Market Forces’ for further information on a number of these: http://statewatch.org/marketforces/

[7] The full set of “mandatory elements” of data to be included in identity cards under the proposals – prior to the inclusion of fingerprints in the requirements – is set out in Annex 7 of the Commission’s impact assessment:

1. The title of the document (‘ID card’ or ‘identity card’) shall appear in the language(s) of the issuing Member State. Repetition of the document title in at least one other (maximum two) official languages of the institutions of the Union, in order to facilitate the recognition of the card as ID card.
2. Format ID-1 including positioning of data fields according to ICAO [International Civil Aviation Organisation].
3. Substrate and printing techniques according to ICAO.
4. Contactless chip (including facial image).
5. The ICAO "Chip inside" symbol for a machine-readable travel document with a contactless integrated circuit (microchip) that can be used for biometric identification of the holder.
6. Machine-readable zone (MRZ). The machine-readable zone shall conform to the relevant ICAO specifications set out in ICAO Document 9303 on machine-readable travel documents.
7. Security features (conform to the ICAO Doc 9303).
8. The three-letter country code of the issuing Member State.
9. The document number.
10. The Card Access Number (CAN).
11. Name: surname(s) and forename(s), in that order.
12. Sex.
13. Nationality.
14. The expiry date of the document.
15. Date of birth.
16. Place of birth.
17. Date of issue, place of issue/issuing authority: the date and place of issue of the ID card.
18. Signature of the holder.
19. An identity photograph shall be securely integrated into the card body.

[8] If approved in its current form, the proposal would also extend EU requirements for the fingerprinting of children, already required for short-stay visa applicants and under discussion for ‘irregular’ or asylum-seeking children, to those who hold residence documents by virtue of being members of the family of a non-EU national residing legally in the EU. Children aged 12 and over are currently fingerprinted for short-stay visas, with their data held in the Visa Information System (VIS). The Commission is interested in lowering that age to six. See: Consultation on lowering the fingerprinting age for children in the visa procedure from 12 years to 6 years, https://ec.europa.eu/home-affairs/content/consultation-lowering-fingerprinting-age-children-visa-procedure-12-years-6-years_en. Children aged six and up who are ‘irregularly present’ in a Member State or who apply for international protection will have their fingerprints entered in the Eurodac system, if a proposal currently under discussions is agreed. The current age is 14. There is significant controversy over the possible use of coercion to obtain children’s fingerprints. See: EU mulls coercion to get refugee kids' fingerprints, EUobserver, 20 March 2017, https://euobserver.com/migration/141372; EU wrestles with plan to force fingerprinting of migrant children, Politico, 25 April 2018, https://www.politico.eu/article/eu-plan-fingerprint-migrant-children-forcibly/

[9] Annex 6 to the impact assessment, SWD(2018) 110 final, pp.109-120

[10] Impact assessment, p.20. More specific objectives are also provided: “to reduce document fraud, to improve the acceptance and authentication of the ID and residence documents and improve the identification of people based on them.” Further, “to raise awareness among citizens, national authorities and the private sector about the documents issued, and the right to free movement linked to them.” Finally, “to simplify daily life for EU citizens, cut red tape and lower costs for both citizens and private and public entities, by reducing administrative barriers… related to the use of ID cards and residence documents”.

[11] Such as the Commission’s Action Plan on document security (December 2016) and Council Conclusions on the Commission Action Plan to strengthen the European response to travel document fraud (March 2017).

[12] Such as those on biometric passports and travel documents issued by Member States, uniform visa formats and the format and security of residence permits provided to non-EU nationals.

[13] European Commission press release, ‘Security Union: Commission presents new measures to deny terrorists and criminals the means and space to act’, 17 April 2018, http://www.statewatch.org/news/2018/apr/eu-com-security-union-measures-denying-terrorists-pr-17-4-18.pdf

[14] European Commission, Proposal for a Regulation on strengthening the security of identity cards of Union citizens and of residence documents issued to Union citizens and their family members exercising their right of free movement, COM(2018) 212 final, 17 April 2018, p.1, http://www.statewatch.org/news/2018/apr/eu-com-security-union-identity-cards-residence-docs-com-2018-212.pdf

[15] Centre for Strategy and Evaluation Services (CSES), ‘Study to Support the Preparation of an Impact Assessment on EU Policy Initiatives on Residence and Identity Documents to Facilitate the Exercise of the Right of Free Movement’, August 2017, p.183, https://ec.europa.eu/info/sites/info/files/dg_just_final_report_id_cards_and_residence_docs_cses_28_august_2017_2.pdf

[16] Of the 28 EU Member States, only Denmark and the UK do not issue identity cards. Of the 26 who do, possession of such a card is compulsory in 15 Member States. Section 2.3 of the CSES report contains further information on the types of ID cards and residence documents issued by national authorities.

[17] A footnote in the impact assessment (p.51) states: “Storing all data in a central database at the EU level should be discounted from the outset: currently many Member States do not even have central registries for their own citizens, and such a centralised store would raise great data protection concerns.” These concerns, however, do not appear to have been a particular issue for the Commission in its current proposals to make large-scale EU databases “interoperable”, part of which will involve the establishment of a central database of biometric and biographical data on non-EU nationals (the ‘Central Identity Repository’ or CIR), which will eventually contain data on almost all non-EU nationals regularly present in the Schengen area. The Commission and the Council are also mooting the idea of interlinking national-level networked databases (such as those in the Prüm or PNR systems), which would bring EU nationals into the interoperability agenda as well.

[18] A previous Netherlands administration attempted to introduce a centralised biometric database whilst implementing the EU measures on biometric passports, although the proposals were subsequently defeated. This was the issue under examination in the CJEU case Willems. See: ‘Biometric data and data protection law: the CJEU loses the plot’, EU Law Analysis, 17 April 2015, https://eulawanalysis.blogspot.com/2015/04/biometric-data-and-data-protection-law.html

[19] European Commission, ‘Proposal for a Regulation on establishing a framework for interoperability between EU information systems (borders and visa)’, COM(2017) 793 final, 12 December 2017, p.5, http://www.statewatch.org/news/2017/dec/e-com-793-interop-regulation-borders-visas.pdf

[20] There are 16 states that would be subject to this new obligation, according to the information compiled by the Commission: Austria, Croatia, Czech Republic, Finland, France, Greece, Ireland, Italy, Luxembourg, Malta, Netherlands, Poland, Romania, Slovakia, Slovenia and Sweden.

[21] There is little data on what EU citizens think of fingerprinting in general. A 2011 Eurobarometer established that 64% of respondents to a survey consider fingerprints to be personal data – something that today seems it would be impossible to even question. The Fundamental Rights Agency has carried out surveys with non-EU nationals travelling to the Schengen area found that: “Almost 60% of respondents are comfortable with providing their fingerprints when crossing borders. Most don’t feel that providing their fingerprints compromises their right to privacy (47%) and to dignity (70%). However, over a fifth people found fingerprinting to be intrusive and humiliating.” See: Do travellers to the EU trust fingerprinting?, 14 December 2015, http://fra.europa.eu/en/news/2015/do-travellers-eu-trust-fingerprinting

[22] As required by Article 52 of the Charter: “Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.”

[23] Case C-291/12, 17 October 2013, para. 37

[24] European Commission impact assessment, SWD(2018) 110 final, p.52, http://www.statewatch.org/news/2018/apr/eu-com-security-union-identity-cards-residence-docs-ia-swd-2018-110.pdf

[25] Impact assessment, p.60

[26] CSES, op. cit., p.vi

[27] Impact assessment, p.28

[28] Proposal for a Regulation, p.6

[29] European Data Protection Supervisor, ‘Necessity toolkit on assessing the necessity of measures that limit the fundamental right to the protection of personal data’, 11 April 2017, https://edps.europa.eu/data-protection/our-work/publications/papers/necessity-toolkit_en

[30] See footnote 10.

[31] Impact assessment, p.69

[32] “An identity card can be used for travel and identification purposes throughout the EU. Which of the following statements do you agree most with?” The options for responding were: Strong security features are unnecessary. I’m not worried about document fraud or identity theft; The strongest possible security features are needed to reduce the risk of document fraud and identity; Strong security features are essential to reduce the risk of document fraud and identity theft.

[33] International Telecommunication Union, op. cit. There is of course a flipside to this, in that schemes designed to facilitate inclusion of certain people through formal identification are also designed to exclude certain people. Furthermore, the “ability to formally identify oneself” is of course not available to the vast number of people obliged to exist without formal papers. Debates over the pros and cons of national identity cards should not obscure more profound questions over the way people are excluded from or entitled to certain rights and benefits on the basis of their ability to match their body to information held on a card or in a database.