BIO-PRIVACY PRIVACY REGULATIONS AND THE CHALLENGE OF BIOMETRICSPDF电子书下载

PART Ⅰ 1

1 Introduction 3

1.1 Background 3

1.1.1 Development of biometrics 3

1.1.2 Public debate 4

1.1.3 State of legal research 6

1.2 Subject matter and aims of this book 8

1.2.1 Research objectives 8

1.2.2 Research challenges 10

1.3 Scope and limitations 11

1.3.1 Technology 11

1.3.2 Furisdiction 12

1.3.3 Privacy and data protection law 13

1.4 Methodology 14

1.4.1 A system-oriented analysis: allocation of risks 14

1.4.2 De lege lata and de lege ferenda analyses 14

1.4.3 Legal methods 15

1.5 Resources 17

1.5.1 Sources of law 17

1.5.2 Secondary sources: the commenting literature 19

1.6 Terminology 20

1.7 Progression 23

2 Biometric technology and its applications 29

2.1 Introduction 29

2.2 Characteristics of biometrics 29

2.3 Biometric authentication vs. identification 31

2.4 Biometric system operation 32

2.5 Privacy and security risks of a biometric system 36

2.6 Types of biometrics 38

2.6.1 Fingerprint recognition 39

2.6.2 Iris recognition 40

2.6.3 Facial recognition 41

2.6.4 Handgeometry 41

2.6.5 Voice recognition 42

2.6.6 Vein recognition 43

2.7 Summary of biometrics 44

2.8 Other related technologies 46

2.8.1 Smart cards 46

2.8.2 Radio frequency identification (RFID) 48

2.9 Biometric applications 49

2.9.1 Examples o f biometric applications 50

2.9.2 Analysis of the examples in light of Wayman’s classification criteria 53

2.10 Summary 53

PART Ⅱ 61

3 Rational concerns about biometric technology:security and privacy 63

3.1 Introduction 63

3.2 Special nature of biometric technology and biometric data 64

3.2.1 he biological nature of biometric data and technology 64

3.2.2 The automatic nature of biometric data and biometric technology 68

3.3 Privacy and biometric technology 71

3.3.1 Information privacy and biometric technology 72

3.3.2 Physical privacy and biometric technology 79

3.4 Security and biometric technology 81

3.4.1 Limitations of technology 81

3.4.2 Misconceptions relating to biometric technology 83

3.4.3 Security problems posed by biometric technology 84

3.5 Summary 87

PART Ⅲ 93

4 Regulation of biometrics by privacy and data protection law in Europe 95

4.1 Introduction 95

4.2 Sources ofprivacy protection 96

4.2.1 Article 8 of the ECHR 96

4.2.2 Convention No. 108 on Data Protection 97

4.2.3 Data Protection Directive 99

4.3 Privacy challenges of biometric technology on privacy lawe 100

4.3.1 Scope of the privacy instruments 101

4.3.2 Biometrics and informational privacy 115

4.3.3 Biometrics and reasonable expectation ofprivacy 148

4.4 Conclusions 150

5 Biometrics and privacy protection in the United States 163

5.1 Introduction 163

5.2 Legal sources of privacy protection 164

5.2.1 Privacy protection under the US Constitution 164

5.2.2 Federal statutory privacy protection 164

5.2.3 Actions under common law in torts 165

5.3 Countering privacy risks of biometric technology through privacy law 165

5.3.1 US Constitution 165

5.3.2 Federal privacy statutes 178

5.3.3 Common law of torts 189

5.4 Bio-privacy case law and regulations 194

5.4.1 Case law concerning biometrics 194

5.4.2 Privacy legislations concerning biometrics 198

5.5 Conclusions 201

6 Privacy regulations on biometrics in Australia 213

6.1 Introduction 213

6.2 Sources of privacy protection 214

6.2.1 The Privacy Act 214

6.2.2 Biometrics Institute Privacy Code 215

6.3 Coverage of Privacy Act and Privacy Code 216

6.3.1 Definition of bionetrics 216

6.3.2 Personal information and identifier 217

6.3.3 Exemptions 218

6.3.4 Sensitive information 219

6.4 Information privacy challenges of biometrics 221

6.4.1 Unauthorised collections: notice and consent 221

6.4.2 Unnecessary collection 223

6.4.3 Function creep: secondary use and disclosure 225

6.4.4 Anonymity 228

6.4.5 Information security risks and biometrics 230

6.5 Physical privacy and biometrics 233

6.6 Conclusions 233

PART Ⅳ 241

7 Towards an appropriate regulatory approach for bio-privacy 243

7.1 Introduction 243

7.2 Self-regulation 243

7.3 Hard regulation 246

7.3.1 General privacy regulations 246

7.3.2 Biometric-specific regulations 247

7.4 A hybrid approach 249

7.5 Conclusion 250

8 Concluding remarks and future vision 253

8.1 Introduction 253

8.2 Rational concerns of biometric technology 253

8.3 Adequacy of current legal framework 254

8.4 Appropriate regulatory approach 258

8.5 General recommendations and postscripts 258

Appendix 1: Personal Data Act, Norway 263

Appendix 2: Biometric Identifier Privacy Act 267

Index 271