April 22 2008
The use of biometric data in Italy has grown rapidly in the past two years and such data is increasingly integrated into large-scale systems for driver's licences, surveillance, health, identity cards and social benefits. The need for a single means of identification and transaction verification has emerged in various environments in both the public and private sectors.
In Italy, biometric data is used mainly for military and police applications and to control access to:
Various research bodies and industries have focused particularly on:
At present, the most commonly used technology in Italy is fingerprint recognition technology, followed by face and iris recognition technology.
In banking, biometric technology was originally developed for use in systems to control physical access to buildings. However, more recently such technology has also been used to control access to e-banking services.
As the Italian Banking Association's 2007 IT Report explains, the use of biometric technology in the Italian banking sector focuses on fingerprint technology. However, the use of fingerprints in a range of applications - and the use of biometrics generally - must be consistent with Italian privacy legislation. Particular legal problems arise in connection with banks' retention of biometric data.
On October 27 2005 the Data Protection Authority adopted the General Provision on Limitations and Safeguards Applying to the Taking of Fingerprints and Personal Biometric Data by Banks. The general provision states that the taking of fingerprints should not “restrict... a bank customer’s freedom and dignity”. If access to the bank is controlled by a fingerprint system, the bank must ensure that a customer who objects to fingerprinting or is unable to comply with the requirement because of his or her personal circumstances can enter the bank by other means. Alternative precautions may be taken at the bank manager's discretion if necessary, but the customer may not be required to provide fingerprint data. The authority has stated that:
Following enquiries into the biometric systems used by certain large banking groups, the authority recently intervened in three cases to prevent the unlawful use of biometrics. The authority ordered the banks in question to comply with the provision’s procedure on using fingerprints and face recognition data to control access to buildings.
Among other things, the authority's decisions require the banks to:
The authority set the banks a deadline of March 14 2008 to evaluate the need to install biometric data systems in their branches and to cease or suspend data processing in connection with such systems.
In the case of certain banks, the authority considered that the use of fingerprints or face recognition systems to control access for bank personnel is disproportionate to the risks that the systems are supposed to address. The authority ordered the banks in question to provide separate or alternative access without biometric data recognition systems for customers who object to fingerprinting or are unable to comply because of their personal circumstances.
Some of the banks assessed by the authority failed to inform it of all of the biometric recognition systems installed or due to be installed in their buildings. The authority ordered the banks to comply with the seven-day retention period for data and images, and to implement the authority's rules on video cameras which are used to monitor automatic teller machines and other service areas.
The authority exercises particularly close control over the appropriate use of biometric data by banks because of the security implications in the sector. The level of control is arguably even stricter than that imposed elsewhere in the private sector - for example, the authority has previously authorized the use of a fingerprint access system for the personnel of a jewellery company.
The authority's interest in protecting privacy in banking must be set against the increasing use of biometric security systems in the sector and the growth of the biometric systems industry in Italy and the rest of Europe.
For further information on this topic please contact Francesca Besemer at Portolano Colella Cavallo Studio Legale by telephone (+39 06 3974 5437) or by fax (+39 06 3974 5400) or by email (email@example.com).