By Stephen Gardner
Oct. 18 --A European Union
regulation requiring the inclusion of digitized fingerprints in passports
infringes the right to privacy and the protection of personal data, but is
nevertheless justified as a measure to prevent the fraudulent use of passports,
the European Court of Justice ruled Oct. 17 (Schwarz v. Bochum, E.C.J.,
No. C/291/12, 10/17/13).
Under a 2004 regulation on integration of
biometric features in passports and travel documents (Regulation
(EC) No 2252/2004), EU member states are required as a security measure to
include in passports a digitized facial image and two fingerprints of the
The validity of the
requirement was questioned by a German resident, Michael Schwarz, whose
application for a passport was rejected after he refused to have his
fingerprints taken. Schwarz brought an action against the rejection before a
German administrative court, which referred it to the ECJ for an interpretation
of EU law.
Taking and storing fingerprint data “constitutes a threat to
the rights to respect for private life and the protection of personal data.
Accordingly, it must be ascertained whether that twofold threat is justified,”
the court said in its judgment opinion.
In an Oct. 17 statement
accompanying the judgment, the Luxembourg-based European Court of Justice said
“the contested measures pursue, in particular, the general interest objective of
preventing illegal entry into the EU” and are “appropriate for attaining the
aim of protecting against the fraudulent use of passports.”
the 2004 regulation “was adopted on an appropriate legal basis,” and “the
procedure leading to the adoption of the measures applicable in the present
case is not vitiated by any defect,” the court added.
The court also
noted that although digitized fingerprints may be stored in passports, the 2004
regulation didn't include a provision for storing fingerprints in a database
and “cannot in and of itself be interpreted as providing a legal basis for the
centralised storage of data collected thereunder.”
Gus Hosein, executive director of London-based Privacy
International, an advocacy group campaigning for privacy rights, told Bloomberg
BNA Oct. 18 that the court had “narrowly interpreted” EU law, and there was
potential for challenges against the taking of fingerprints for inclusion in
passports to be brought before the European Court of Human Rights.
court ruling was the “perpetuation of a stupid mistake” made by the European
Parliament when it approved the collection of fingerprints for passports,
The EU regulation goes beyond international standards, such
as the International Civil Aviation Organization recommendation that biometric
passports should contain a digitized photograph, he said.
In 2008, the
European Commission proposed revisions to the biometric passport
requirements--a move the European Data Protection Supervisor said didn't go far
enough to protect privacy --but the proposal didn't move forward.
member states Denmark, Ireland and the United Kingdom opted out of the
regulation requiring the inclusion of fingerprints in passports.
To contact the reporter on this story: Stephen Gardner in Brussels at
To contact the editor
responsible for this story: Donald G. Aplin at email@example.com
Full text of the European
Court of Justice's opinion is available at http://op.bna.com/pl.nsf/r?Open=dapn-9clmm8.
To view additional stories from Privacy & Data Security Law
Resource Center™ register for a free trial now