Data watchdog calls into doubt plans to fingerprint all Members of the European Parliament for preventing fraud

There has been some harsh criticism of plans by the European Parliament‘s Bureau to fingerprint all Members of Parliament in order to register their presence. Following up on complaints, the European Data Protection Supervisor (EDPS) is now calling into doubt the legality of the scheme.

In a set of recommendations released yesterday the EDPS tells the Parliament leadership it would need to look for another legal ground for processing the sensitive biometric data. Also the rules in force don‘t allow for fingerprinting. The administration needs to justify why it considers the risk of impersonations for a badge-based system is „more than a fringe occurrence“ and whether such fraud has ever occured while a badge-based system was tested. Parliament also needs to look into alternative solutions that rely on Members‘ mobile phones.

According to documents requested by MEP Patrick Breyer (Pirate Party) the biometric attendance system would cost more than 100,000 €. Other documents pertaining to the project were withheld from the public entirely or in parts, including the data protection impact assessment. In fact the Parliament‘s leadership used more pages to explain why it is withholding information than were released to the public.

„By plotting to fingerprint all Members, the Parliament‘s leadership wants to place all of us under a general suspicion of fraudulently asking other people to register and claim attendance allowances – without citing a single occurence of such fraud during the test of a badge-based system“, states Breyer. „I protest this unnecessary and likely unlawful biometric fingerprinting of Members of the European Parliament. We shall not allow large-scale processing of biometrics to become a new normality. Also in times of a pandemic and in view of the financial sufferings of many citizens we should know many more pressing needs for spending this much money.“

Background: The Article 29 data protection group stated that, as a general rule, the use of biometrics cannot be regarded as a legitimate interest for securing access to buildings. According to the European Data Protection Supervisor Wojciech Wiewiórowsk „the EDPS did not consider proportionate the use of biometric systems for monitoring staff members’ working time and leave. We considered the processing of biometric data was not necessary in relation to the purpose because such purpose could be achieved with less intrusive means as by signing in, using attendance sheets, or using clocking in systems via magnetic badges.“[5]