Resolution on the use of body scanners for airport security purposes
adopted by
the European Privacy and Data Protection Commissioners’ Conference
29 – 30 April 2010, Prague
Following the failed attack on Delta Flight 253 Amsterdam – Detroit on 25 December 2009, governments and security agencies around the world started a debate on how to increase security at airports and whether body scanners should be installed to facilitate checks on air passengers before entering the airplane. The installation of such body scanners and the screening of the whole human body can seriously infringe the passenger’s right to privacy and data protection. For that reason, data protection principles and safeguards as well as privacy by design should be taken into account when considering the use of body scanners.
Among the data protection principles to be taken into account is the necessity of the processing. It is still not clear whether these devices will indeed enhance security at airports. Before installing them questions as to their effectiveness and their impact on the health of passengers should be considered as well.
Given the current state of the debate, the European Privacy and Data Protection Commissioners’ Conference is concerned that new devices are being introduced that do not meet data protection standards. Therefore, it wishes to emphasise the need for a scientifically based and co-ordinated discussion of this issue.1 All stakeholders such as scientists, technical experts, health and data protection professionals should be heard to come to a proper assessment of the issues at stake. In particular, the following aspects need to be addressed prior to any hasty decision on the use of body scanners.
1. Is the introduction of body scanners at airports necessary for aviation security and if so, to what extent? Detailed studies that include scientific methods need to be conducted on this question and a sound empirical basis should prove the body scanners’ usefulness. To date serious doubts remain as to the enhanced capabilities of body scanners with regard to detecting explosives such as small amounts of liquids or any other material of low density. Is there an added value compared to other methods of examining persons with walk through metal detectors, hand scanners or by personal body checks? If there are less intrusive methods2 that could achieve the same added level of security they should be used.
2. Are there adequate safeguards in place ensuring the privacy of persons screened by body scanners? Technical measures must guarantee that personal data of travellers are neither stored nor transferred. Pictures should immediately be deleted if the passenger is cleared.
Mimic boards of human beings are very privacy compliant and could be the preferred way of displaying bodies on screens. If any intimate details of persons, e.g. medical devices or artificial body parts, are being disclosed they should only be revealed to the operator in charge. The persons in charge of viewing the pictures screened by body scanners must be different from the ones who take part in further controls. They must exercise their functions in facilities without any possibility of communication with other controllers and must be unable to see the passengers. Furthermore, body scanners should only be installed after a privacy impact assessment (PIA) has been carried out, the result of which should include that the principles mentioned here are built in.
Only if a fair balance is struck between the effectiveness and necessity of these new technological devices on the one hand, and the impact on the privacy of airline passengers on the other hand, could the use of body scanners be considered as proportionate and as a suitable means of security screening from a data protection point of view.
Therefore, the European Privacy and Data Protection Commissioners’ Conference calls on decision makers across Europe to thoroughly consider the impact of body scanners on the fundamental rights of travellers before deciding on their use at airports.
Only devices that are data protection friendly by using privacy enhancing technologies and that strike the right balance between the need for more security and the right to privacy and data protection should be used. Data protection authorities should remain involved in the decision making process, in particular during trial and test phases, through prior checking of body scanner systems (if applicable under national law) and possibilities to monitor the proper functioning of the devices once they are installed at airports.
Passengers should be adequately informed about these devices and their data protection rights before being checked by body scanners. To that end, airport authorities should closely work together with their respective data protection authorities to ensure that information notices meet legal requirements.
___________________________________________
1 The Art. 29 WP has adopted a paper on body scanners on 11 February 2009. This paper and the accompanying letter to the European Commission can be found on the following website:
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/others/2009_05_11_letter_chairman_art29wp_daniel_calleja_dgtren_en.pdf
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/others/2009_05_11_annex_consultation_letter_chairman_art29wp_daniel_calleja_dgtren_en.pdf
2 Such as wands or sniffer dogs.