With the introduction of the “Common Biometric Matching Service” (sBMS), the European Union has taken another step towards comprehensive monitoring and internal control. The new service, which stores biometric templates of 400 million EU citizens, was presented as a measure to improve border controls, visa and asylum applications. However, the introduction of such a system raises serious concerns about data protection, privacy and the increasing centralization of power.
The storage and reconciliation of biometric data, such as fingerprints and facial images, in a centralised system affects citizens’ fundamental rights, in particular the right to privacy. The question arises as to how secure this sensitive data actually is. Despite the fact that the European Commission says the system ensures data security, it remains unclear how they will prevent any security vulnerabilities or misuses. The scope of data collected and the possible interconnection between the different European information systems will make it possible in the future for everyone to be considered a ‘transparent citizen’ whose movements and identity can be traced at any time.
Another critical issue is citizens’ consent to the collection and use of their biometric data. In many cases, these schemes are implemented without the explicit consent of the individual. Even if there are theoretical possibilities for control, it remains questionable how effectively and transparently they are implemented in practice. In addition, the question arises as to the extent to which citizens really have control over their own data or whether it is concentrated in the hands of only a few EU authorities. With the introduction of systems such as sBMS, the responsibility for collecting, processing and analysing biometric data is increasingly in the hands of a few European authorities, in particular eu-LISA. The centralised collection and interconnection of personal data carries the risk of misuse, either as a political tool or through increased control of the population. The demand for transparency and independent oversight of these systems is growing louder, but it is not yet clear how this can be guaranteed. In the long run, the centralization of security measures and data can pave the way for greater surveillance and the erosion of individual freedoms.
In practice, implementing sBMS may prove to be more difficult than expected. The interconnection of the various European information systems, such as the Schengen Information System (SIS) or the Visa Information System (VIS), requires not only a solid technical infrastructure, but also a smoothly functioning organisational implementation. The question arises as to whether these systems will actually deliver the promised efficiencies, or whether technical problems and delays may hinder the achievement of the actual goal. A system that is supposed to identify and check millions of citizens efficiently and without errors will hardly be without problems. The rapid introduction of such complex systems without comprehensive legal support and a clear regulatory framework can jeopardise citizens’ rights. It remains unclear how compliance with data protection regulations will be ensured in concrete terms and who will be responsible in the event of errors or abuses. Responsibility for the protection and use of data must also be precisely regulated to ensure public confidence. Without a clear legal basis, the introduction of such systems could pose a significant risk to individual freedom and the protection of personal data.
The increasing centralisation of power and the collection of biometric data from millions of EU citizens raises serious questions about the limits to security and personal freedom. It is time for the EU to take its responsibility towards citizens seriously and ensure that these systems are developed and implemented in accordance with the highest standards of data protection and respect for individual rights. Otherwise, the dream of a secure and connected EU could become a nightmare for citizens who lose their freedom on the altar of ‘security’.
Translated and edited by Hans Seckler