The Commissioner for personal data in the Republic of Cyprus says her office was not involved in the process of implementing a biometric requirement for Cypriot citizens, citing EU regulations that applied directly in the entire bloc.
Commissioner for Personal Data Protection Irene Loizidou-Nikolaidou told Knews on Wednesday that her office was not consulted over the new requirement for biometric data for citizens who apply for an ID card.
“Our office was never asked, nor should we have a say in the matter,” the commissioner told Knews.
Loizidou-Nikolaidou went on to explain that unlike an EU directive that calls on member states to come up with new laws to reach specific EU-set goals, a regulation is a binding legislative act that must be applied through all 27 countries.
'Governments of member states don’t need to pass any legislation in this case because an EU regulation supersedes national laws'
“Governments of member states don’t need to pass any legislation in this case because an EU regulation supersedes national laws,” Loizidou-Nikolaidou said.
Asked about the importance of biometrics, the commissioner said biometric data, such as fingerprints and other identifiable information, most definitely have do with sensitive personal information.
Biometric data are personal data resulting from specific technical processing relating to the physical, physiological, or behavioural characteristics of a natural person, which allows or confirms the unique identification of that natural person, such as facial images or fingerprint data.
But the commissioner said the EU has not allowed for any processing of biometric information, while officials have grouped biometrics into a special personal data category.
Some concerns but no legal challenges
Privacy advocates in several countries have questioned the effectiveness of biometrics over the right to privacy, saying the risk was too high as sensitive information, some of which obtained only physically or face to face, might fall into the wrong hands if a system is hacked or otherwise compromised.
There have been no known legal challenges against the use of biometrics in Cypriot government-issued ID cards for citizens.
The European Council last year said the biometrics regulation aimed at enhancing security, including identification cards of EU citizens, registration certificates issued to union citizens residing for more than three months in a host member state, and residence cards issued to family members of union citizens who are not nationals of a member state.
Under Freedoms in the EU Charter, Article 8 on Protection of personal data states that “everyone has the right to the protection of personal data concerning him or her.”
The article also says that personal data must be “processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law.”