Information Commissioner warns against fingerprinting at new UK terminal

By EDRi · March 26, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Mr. Richard Thomas, UK Information Commissioner warned Heathrow airport
operator BAA that the plans to fingerprint all passengers at the new
Terminal 5 may breach the UK Data Protection Act.

The 5.5 billion euro worth Terminal 5 was opened by the Queen on 16 March
and is due to receive its first passengers on 27 March 2008. The airport
plans to apply security measures that involve fingerprinting all passengers
including domestic ones claiming fingerprinting was necessary so that all
passengers could mix freely in Terminal 5 shopping mall area. Fingerprinting
is already being applied for domestic passengers at Terminal 1. The
passengers place a hand on a scanner which records four fingerprints and
face a camera which takes their photograph.

The airport has issued leaflets saying: “To ensure we maintain the highest
levels of border security, we are required to introduce additional controls
for passengers travelling to UK destinations. For this reason, we will
capture the photo and fingerprints of passengers. Only passengers who comply
with these additional controls will be able to fly to UK destinations.”

Following a complaint made by Privacy International on 9 March 2008, the
Information Commissioner has launched an investigation to verify whether the
airport “took account of the data protection implications of its proposal”.

The complaint said that “compulsory fingerprinting…will substantially
violate UK Data Protection law”. In Privacy International’s opinion, the
reason for these measures is rather commercial as BAA wants to have more
passengers spending money in the duty free shops. “To diminish privacy
rights in order to achieve greater sales revenue is a disquieting
development” says the document. On the airport’s website one can read:
“We’re transforming Heathrow to make big improvements for all passengers.
Domestic passengers will in future use the same departure lounges as
international passengers. That means all our passengers will enjoy the same
wide choice of shops and restaurants”.

The Office of the Information Commissioner contacted BAA demanding evidence
that it was acting lawfully and although BAA stated the measures had been
required by the Government, the Home Office denied the statement.

A spokesman for BAA explained to The Times newspaper that the system is
compliant with the UK law: “We are confident that there is no breach of the
Data Protection Act and nor do these measures affect the fundamental rights
of our passengers, principally because we encrypt all data immediately and
destroy it within 24 hours.”

In Privacy International’s opinion the security actions planned by the
airport are “unnecessary, intrusive and disproportionate”. David Smith, the
Deputy Information Commissioner, said: “We want to know why Heathrow needs
to fingerprint passengers at all. Taking photographs is less intrusive. So
far we have not heard BAA’s case for requesting fingerprints. If we find
there is a breach of data protection legislation, we would hope to persuade
them to put things right. If that is not successful we can issue an
enforcement notice. If they don’t comply, it is then a criminal offence and
they can be prosecuted. (…) Unless Heathrow provides evidence that the
move is necessary, the Commissioner has the power to order it to stop
fingerprinting passengers or face legal action”.

The Office of the Information Commissioner has advised passengers that such
a scheme would normally be considered “intrusive” and that they should have
their fingerprints taken “under protest”.

Terminal Five chaos threat over fingerprint plan: Commissioner tells
passengers to protest at security measures (23.03.2008)
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=542373&in_page_id=1770

Privacy International complaint poised to shut down Heathrow passenger
fingerprinting (22.03.2008)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-561079

How to deal with the Heathrow fingerprint system (23.03.2008)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-561080

Privacy watchdog warns on Heathrow fingerprint system (26.03.2008)
http://www.out-law.com//default.aspx?page=8974