Sweden is implementing Council Regulation No 2252/2004 on standards for security features and biometrics in passports and travel documents issued by Member States. As part of the legislative process the Swedish Government invited the Swedish Data Inspection Board (“DIB”) to comment on the proposed referral to the Council of Legislation.
The DIB noted that since passports are to include a storage medium that can contain both a facial image and fingerprints and biometrical identification which mostly includes automatic processing of personal data, the provisions in the Data Protection Directive had to be considered. The DIB was scepticalof the suggested referral since the purpose of processing the personal data contained in the storage medium in the passport was only stated in the referral and not in the proposed text of law. The DIB also rejected the suggested referral as it failed to mention:
a) the information to be provided to the data subject;
b) the possibility of getting rectification;
c) the risk that the design of passports might be used for automated individual decisions; or
d) how the information contained in the passports was guaranteed to be secure.
The DIB summarised its critique by stating that the referral lacked any analysis on the application of the Data Protection Directive and the Swedish Personal Data Act principles and that, without such an analysis, DIB cannot support the proposed referral.