The European Union’s parliament voted to create a biometric database of over 350 million people.
The Common Identity Repository, or CIR, will consolidate the data from the EU’s border, migration, and law enforcement agencies into one system to be quickly accessible and searchable by any or all of them. Information will include names, birthdates, passport numbers as well as fingerprints and face scans.
While the CIR’s purpose is to eliminate several bottlenecks currently affecting border control and law enforcement, many are concerned about its privacy and security implications.
“[U]nlike other personal data, biometric data are neither given by a third party nor chosen by the individual; they are immanent to the body itself and refer uniquely and permanently to a person,” wrote the European Data Protection Supervisor, an independent EU institution responsible for advising on matters of privacy and security, in an opinion document on the Repository.
“[T]he consequences of any data breach affecting the CIR could seriously harm a potentially large number of individuals. If it ever falls into the wrong hands, the CIR could become a dangerous tool against fundamental rights if it is not surrounded by strict and sufficient legal, technical, and organizational safeguards,” the EDPS continued.
Once deployed, the CIR will be the third largest government biometric database in the world, right behind India’s Aadhaar and the Chinese government’s tracking systems. With the Aadhaar’s history of breaches and recent revelations about Chinese government tracking ethnic and religious minorities, there seems to be plenty cause for alarm here.