Public Hearing on the use of security scanners at EU airports European Economic and Social Committee Brussels, 11 January 2011 Giovanni Buttarelli, Assistant European Data Protection Supervisor Speaking points The close link between passengers issues and data protection is not surprising. Passengers are physical persons -not objects- and their movements imply the collection, the further processing and circulation of a massive amount of data, based on the growing use of emerging Information and Communication technologies. Therefore this constitutes a data-intensive area and needs to be evaluated in a global perspective, with attention to other developments relevant for air passengers. The EDPS is closely following all relevant developments at EU and national level concerning the impact of the use of body scanners, including now the Commission update of the annex to Regulation (EC) No 300/2008.
More recently it is the inclusion of body scanners in the list of the security measures to be allowed in airports which triggered reaction of DPAs. We support the idea of a European approach to security scanners, provided that the necessity test is met, and the best possible safeguards are included. A European approach would contribute to ensure legal certainty and the best and most consistent protection of EU-citizen. Our official position, (Opinion adopted 11/02/2009) which remains valid, was arrived at in collaboration with the WP29, in response to a consultation request from the Commission. Updated comments submitted to the Commission in July last year (reacting to the Communication) or to the Parliamentary LIBE Commitee in February 2010 are also easily available on our web site. We also contributed to the adoption in Prague last year of a resolution of all Europan EDPAs. Finally, we are also represented in the Task Force organized by the Commission including relevant stakeholders. The Communication starts by listing the numerous security initiatives which have followed the different attacks or terrorist attempts since 2001. The EDPS fully supports the considerations developed in points 23 and 24 of the Communication, which question "whether adding new security layers after every incident is an effective means to improve aviation security". Therefore, no doubts about the need to strengthen airport security measures and to undertake new assessments of some of them, since the effectiveness and added value of certain screening process for liquids and explosives cannot be dismissed as a point of principle. However, the EU legal framework on fundamental rights - the Lisbon Treaty, the EU Charter, the European Convention - implies that the necessity of body scanners should first be assessed "holistically", as I
said in a global context with reference to all other existing or potential security measures. Preference should be given to the least invasive measures clarifying why other instruments might be inefficient or not properly implemented. The EDPS was pleased to note of the letter from the former Vice President Jacques Barrot to the WP29 (dated 8 January 2010), stating that the EU Commission will follow the impact of this new technology from the economical point of view, as well as from the medical and the fundamental rights perspective including data protection, before submitting a proposal on this issue; and that it is carefully evaluating not only the compatibility with privacy and data protection but also operational issues such as the optimal location of devices, a graduated approach to different alerts, staff training and the notice to passengers. We also welcomed the report announced in Toledo by the same former Vice President Barrot on the effectiveness of this technology, on its possible health effects and on its compatibility with the right to privacy. It is also relevant to note that according to Mrs. Janet Napolitano, United States Secretary of Homeland Security in the Obama s administration, the use of scanners "is not the deciding factor nor essential for guaranteeing safety" although the US considers them as useful. Body scanners have a significant impact on the privacy of passengers and such screening might, in certain cases, be a humiliating experience, especially for those with certain health conditions. Since privacy is a precondition to the exercise of many other fundamental rights, we consider that the evaluation of the health impact of this technology far from irrelevant. Nevertheless a considered position on body scanners from a data protection perspective depends mainly on how, where, when, and with which rigorous procedures they are installed and used (for example with a remote operator analysing a full picture, or through an automatic detection algorithm, with or without the recording of pictures), and also on which guarantees for the interested persons are put in place.
In summary, it would now seem inappropriate to say that the use of body scanners as such is against EU privacy laws. Should EU institutions decide to successfully justify the necessity and the proportionality of such a privacy and dignity-intrusive tool, the principle of "privacy by design" should apply at all stages. This means that a fully justified use of body scanners on a wide scale should be as "privacy friendly" as possible and this requirement should be part of the technology used (e.g. no full body imaging, but signalling specific areas). A mimic board is obviously less dignity-invasive then a naked body. In the case of security scanners, "Best Available Techniques" would mean the most effective and advanced stage in the development of activities and their methods of operation which indicate the practical suitability of particular techniques for providing, in compliance with the privacy and data protection EU framework, a defined detection threshold. These BATs will be designed to prevent and, where that is not practicable, to mitigate to an appropriate level the security risks related to airport and minimize as much as possible their impact on privacy. The fast pace of development of this technology highlights the need to be orientated towards the future, as new techniques could be either more privacy invasive or more privacy friendly. I hope this would interest the producers of scanners Additional details on that are present in the EDPS Comments available on our web site, also with regard to the issue of identifiability of individuals. 1 1 SOME AIRPORTS ARE USING SCANNERS IN A TRIAL PHASE. IT IS INTERESTING TO NOTE THAT WHILST SOME OF THE MORE INVASIVE FIRST GENERATION SCANNERS SHOWED FOR INSTANCE THE WHOLE SKELETON OF PASSENGERS, THERE ARE NOW MODELS WHICH APPEAR TO BE MORE COMPLIANT WITH EU LAW AND THE AFOREMENTIONED POSITION ADOPTED BY EDPS AND WP 29. IN PARTICULAR, ONE RECENT DEVELOPMENT ENSURES THAT IMAGES SHOWN TO OPERATORS ARE NO LONGER REAL PICTURES OF A PASSENGER AND INSTEAD USE A REPRESENTATION SHOWING POSSIBLE ZONES WHERE SUSPECTED ELEMENTS SHOULD MAY BE LOCATED.
Finally, I would like to stress that consent should not be used to legitimise a process of personal data if there is no legal basis for that processing. In other words, the legal need to legitimise the use of security scanners should not be transferred on the consumer through a "choice" option. If refusing to use a scanner results in longer waiting lines and a presumption that the passenger has something to hide, there is no real consent. In conclusion, the introduction of a legal obligation, subject to certain modalities and conditions, with scope for some individual "choice", where appropriate, would therefore still seem to be unavoidable in the light of Article 8 ECHR and Articles 7-8 EU Charter.