Out-Law / Your Daily Need-To-Know

Privacy watchdog warns on Heathrow fingerprint system

Out-Law News | 26 Mar 2008 | 9:11 am | 1 min. read

Privacy watchdog the Information Commissioner will investigate a new Heathrow Airport fingerprint security system to find out if it is legal. The regulator has asked airport operator BAA for more information on the new system.

BAA will open its new Terminal 5 at Heathrow on Thursday of this week. Passengers using the terminal will have to allow four fingers to be scanned for fingerprints even if they are only travelling within the UK.

The Information Commissioner's Office (ICO) said that it has asked BAA for more information on the system, and that it is worried about its compliance with data protection law.

"We have concerns about the routine collection of fingerprint information from passengers and we will require reassurance from BAA that the data protection implications of the proposals have been fully addressed," said a spokesperson from the ICO.

The ICO will investigate whether the function can be performed by other technology that does not collect and store biometric data on travellers. "We will be weighing up the security benefits of the scheme against the impact on privacy and asking what other, less intrusive alternatives have been considered," said the spokesperson.

Passengers will be fingerprinted at the security checkpoint and later at the boarding gate at the airport.

The same departure lounges and shops and restaurants in the terminal will be used by both domestic and international passengers. The system is designed to stop incoming international passengers from being able to swap boarding passes with another traveller and going elsewhere in the UK without being identified at the gate.

A spokesman for BAA told The Times newspaper that the company believed that its system complied with UK law.

“We are confident that there is no breach of the Data Protection Act and nor do these measures affect the fundamental rights of our passengers, principally because we encrypt all data immediately and destroy it within 24 hours," said the spokesman.

The ICO said that any organisation should ensure that systems are compliant with privacy laws long before they are put in place.

“As organisations collect more and more personal data the greater the potential risks to individuals," said the spokesperson. "It is essential that before introducing new systems and technologies, which could accelerate the growth of a surveillance society, full consideration is given to minimising the impact on privacy and that data protection safeguards are in place to limit any risks.”

Commissioner Richard Thomas has been warning for over two years that too much personal data is collected and used in the UK by the public and private sectors. He has said that he believes that the UK is in danger of becoming a "surveillance society".