Border Control and Use of Biometrics: Reasons Why the Right to Privacy Can Not Be Absolute

  • Mohamed AbomharaEmail author
  • Sule Yildirim Yayilgan
  • Marina Shalaginova
  • Zoltán Székely
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 576)


This paper discusses concerns pertaining to the absoluteness of the right to privacy regarding the use of biometric data for border control. The discussion explains why privacy cannot be absolute from different points of view, including privacy versus national security, privacy properties conflicting with border risk analysis, and Privacy by Design (PbD) and engineering design challenges.


Biometrics Biometric technology Border control Data privacy Right to privacy 


  1. 1.
    Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code). Official Journal of the European Union, L 77/1 (2017).
  2. 2.
    Regulation (EU) 2017/2225 of the European Parliament and of the Council of 30 November 2017 amending Regulation (EU) 2016/399 as regards the use of the Entry/Exit System. Official Journal of the European Union, L 327/1 (2017).
  3. 3.
    Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011. Official Journal of the European Union, L 327/20 (2017).
  4. 4.
    Regulation (EU) 2017/458 of the European Parliament and of the Council of 15 March 2017 amending Regulation (EU) 2016/399 as regards the reinforcement of checks against relevant databases at external borders. Official Journal of the European Union, L 74/1 (2017).
  5. 5.
    Court of Justice of the European Union: C-112/00, Eugen Schmidberger, Internationale Transporte und Planzüge v Republik Österreich (2003)Google Scholar
  6. 6.
    Court of Justice of the European Union: Joined Cases C-92/09 and C-93/09, Volker und Markus Schecke GbR and Hartmut Eifert v Land Hessen (2010)Google Scholar
  7. 7.
    Court of Justice of the European Union: Case C-131/12, Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (2014)Google Scholar
  8. 8.
    Abdelwhab, A., Viriri, S.: A survey on soft biometrics for human identification. Mach. Learn. Biom., 37 (2018)Google Scholar
  9. 9.
    Abomhara, M., Yayilgan, S.Y., Nymoen, A.H., Shalaginova, M., Székely, Z., Elezaj, O.: How to do it right: a framework for biometrics supported border control. In: Katsikas, S., Zorkadis, V. (eds.) e-Democracy 2019. CCIS, vol. 1111, pp. 94–109. Springer, Cham (2020). CrossRefGoogle Scholar
  10. 10.
    Abrahamsson, P., Salo, O., Ronkainen, J., Warsta, J.: Agile software development methods: review and analysis. VTT Technical Research Centre of Finland, VTT Publications 478 (2017)Google Scholar
  11. 11.
    Bhatia, R.: Biometrics and face recognition techniques. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(5) (2013)Google Scholar
  12. 12.
    Boehm, F.: Information Sharing and Data Protection in the Area of Freedom, Security and Justice: Towards Harmonised Data Protection Principles for Information Exchange at EU-Level. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  13. 13.
    Bonnici, J.P.M.: Exploring the non-absolute nature of the right to data protection. Int. Rev. Law Comput. Technol. 28(2), 131–143 (2014)CrossRefGoogle Scholar
  14. 14.
    Campisi, P.: Security and Privacy in Biometrics, vol. 24. Springer, London (2013). Scholar
  15. 15.
    Çinar, Ö.H.: The right to privacy in international human rights law. J. Inf. Syst. Oper. Manag. 13(1), 33–44 (2019)Google Scholar
  16. 16.
    Danezis, G., et al.: Privacy and data protection by design-from policy to engineering (2014).
  17. 17.
    Dantcheva, A., Elia, P., Ross, A.: What else does your biometric data reveal? A survey on soft biometrics. IEEE Trans. Inf. Forensics Secur. 11(3), 441–467 (2016)CrossRefGoogle Scholar
  18. 18.
    Dantcheva, A., Velardo, C., D’angelo, A., Dugelay, J.L.: Bag of soft biometrics for person identification. Multimedia Tools Appl. 51(2), 739–777 (2011)CrossRefGoogle Scholar
  19. 19.
    Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)CrossRefGoogle Scholar
  20. 20.
    eu-LISA: Biometrics in large-scale it: Recent trends, current performance capabilities, recommendations for the near future. European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) (2018).
  21. 21.
    European Commission: Biometrics technologies: a key enabler for future digital services. Digital Transformation Monitor (2018)Google Scholar
  22. 22.
    Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. Comput. Priv. Data Prot. 14(3), 25 (2011)Google Scholar
  23. 23.
    Hadar, I., et al.: Privacy by designers: software developers’ privacy mindset. Empirical Softw. Eng. 23(1), 259–289 (2018)CrossRefGoogle Scholar
  24. 24.
    Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). Scholar
  25. 25.
    Howard, M., Lipner, S.: The Security Development Lifecycle, vol. 8. Microsoft Press, Redmond (2006)Google Scholar
  26. 26.
    International Civil Aviation Organization (ICAO): Icao tyou rip guide on border control management (2017).
  27. 27.
    Jonsson Cornell, A.: The right to privacy. Oxford University Press (2016).
  28. 28.
    Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)CrossRefGoogle Scholar
  29. 29.
    Khoo, Y.H., Goi, B.M., Chai, T.Y., Lai, Y.L., Jin, Z.: Multimodal biometrics system using feature-level fusion of iris and fingerprint. In: Proceedings of the 2nd International Conference on Advances in Image Processing, pp. 6–10. ACM (2018)Google Scholar
  30. 30.
    Kizza, J.M., et al.: Ethical and Social Issues in the Information Age, vol. 999. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  31. 31.
    Leese, M.: Privacy and security – on the evolution of a European conflict. In: Gutwirth, S., Leenes, R., de Hert, P. (eds.) Reforming European Data Protection Law. LGTS, vol. 20, pp. 271–289. Springer, Dordrecht (2015). Scholar
  32. 32.
    Lind, N.S., Rankin, E.T.: Privacy in the Digital Age: 21st-Century Challenges to the Fourth Amendment: 21st-Century Challenges to the Fourth Amendment, vol. 2. ABC-CLIO, Santa Barbara (2015)Google Scholar
  33. 33.
    Liu, N.Y.: Bio-Privacy: Privacy Regulations and the Challenge of Biometrics. Routledge, Abingdon (2013)CrossRefGoogle Scholar
  34. 34.
    Lumini, A., Nanni, L.: Overview of the combination of biometric matchers. Inf. Fusion 33, 71–85 (2017)CrossRefGoogle Scholar
  35. 35.
    Mironenko, O.: Body scanners versus privacy and data protection. Comput. Law Secur. Rev. 27(3), 232–244 (2011)CrossRefGoogle Scholar
  36. 36.
    Oetzel, M.C., Spiekermann, S.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inf. Syst. 23(2), 126–150 (2014)CrossRefGoogle Scholar
  37. 37.
    Parkavi, R., Babu, K.C., Kumar, J.A.: Multimodal biometrics for user authentication. In: 2017 11th International Conference on Intelligent Systems and Control (ISCO), pp. 501–505. IEEE (2017)Google Scholar
  38. 38.
    Rao, P.R.M., Krishna, S.M., Kumar, A.S.: Privacy preservation techniques in big data analytics: a survey. J. Big Data 5(1), 33 (2018)CrossRefGoogle Scholar
  39. 39.
    Robinson, N., Gaspers, J.: Information security and data protection legal and policy frameworks applicable to European Union institutions and agencies (2014)Google Scholar
  40. 40.
    Rung, S., van Lieshout, M., Friedewald, M., Ooms, M., van den Broek, T.: Privacy and security: citizens’ desires for an equal footing. In: Surveillance, Privacy and Security, pp. 15–35. Routledge (2017)Google Scholar
  41. 41.
    Saranya, K., Premalatha, K., Rajasekar, S.: A survey on privacy preserving data mining. In: 2015 2nd International Conference on Electronics and Communication Systems (ICECS), pp. 1740–1744. IEEE (2015)Google Scholar
  42. 42.
    Schaar, P.: Privacy by design. Identity Inf. Soc. 3(2), 267–274 (2010)CrossRefGoogle Scholar
  43. 43.
    Senarath, A., Arachchilage, N.A.: Why developers cannot embed privacy into software systems?: An empirical investigation. In: Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018, pp. 211–216. ACM (2018)Google Scholar
  44. 44.
    Sheth, S., Kaiser, G., Maalej, W.: Us and them: a study of privacy requirements across North America, Asia, and Europe. In: Proceedings of the 36th International Conference on Software Engineering, pp. 859–870. ACM (2014)Google Scholar
  45. 45.
    Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)Google Scholar
  46. 46.
    Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2008)CrossRefGoogle Scholar
  47. 47.
    Spiekermann-Hoff, S.: The challenges of privacy by design. Commun. ACM (CACM) 55(7), 34–37 (2012)CrossRefGoogle Scholar
  48. 48.
    Valkenburg, G.: Privacy versus security: problems and possibilities for the trade-off model. In: Gutwirth, S., Leenes, R., de Hert, P. (eds.) Reforming European Data Protection Law. LGTS, vol. 20, pp. 253–269. Springer, Dordrecht (2015). Scholar
  49. 49.
    Voigt, P., Von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). A Practical Guide, 1st edn. Springer, Cham (2017). CrossRefGoogle Scholar
  50. 50.
    Warren, S., Brandeis, L.: The Right to Privacy. Litres (2019)Google Scholar
  51. 51.
    Zeadally, S., Badra, M.: Privacy in a Digital, Networked World: Technologies, Implications and Solutions. Springer, Heidelberg (2015). Scholar
  52. 52.
    Zewail, R., Elsafi, A., Saeb, M., Hamdy, N.: Soft and hard biometrics fusion for improved identity verification. In: The 2004 47th Midwest Symposium on Circuits and Systems, 2004. MWSCAS 2004, vol. 1, pp. I-225. IEEE (2004)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  • Mohamed Abomhara
    • 1
    Email author
  • Sule Yildirim Yayilgan
    • 1
  • Marina Shalaginova
    • 1
  • Zoltán Székely
    • 2
  1. 1.Department of Information Security and Communication TechnologyNorwegian University of Science and TechnologyGjøvikNorway
  2. 2.Faculty of Law EnforcementNational University of Public ServiceBudapestHungary

Personalised recommendations