Privacy group slams biometrics code of conduct

Privacy advocates have dubbed the development of a privacy code of conduct for the biometrics industry an “abject failure” after being excluded from consultations.

Australia’s Biometrics Institute is developing the guidelines for biometrics users and suppliers as part of a A$110,000 (US$67,000) project.

Tenders for the project closed this week and the National Office for the Information Economy (NOIE) is approving ‘in-principle’ a A$30,000 grant toward the project.

Biometrics Institute manager Isabelle Moeller was unwilling to provide details of what the code will cover due to probity, because the project was still in the tender phase.

However, Moeller said the organization that wins the tender will conduct focus groups and consultations with institute members and the public, not specifically with privacy advocates.

“They (privacy groups) are not members of the institute although they could be part of the public,” she said.

Australian Privacy Foundation (APF) and Electronic Frontiers Australia (EFA) board member Roger Clarke said the code will be a failure if there is no consultation that includes public interest advocacy, as such groups would be keen to contribute and make a submission to the development of guidelines for the biometrics industry and users.

“There needs to be a steering committee with representations from relevant parties, because it is a technology that is extraordinarily invasive,” he said.

Key points that should be included in the scope of the code, he said, should cover ‘privacy of person’. Like blood tests, biometric technology extracts information from a person in addition to restricting behaviour, because people behave differently during surveillance, he said.

Clarke said the code is even more critical if it covers workplace issues and not just its use in the public domain, because employers exercise a level of power that could raise additional privacy concerns.

“Wherever biometrics are used there needs to be a Privacy Impact Assessment (PIA) similar to Environmental Impact Statements (EIS) which are generally accepted whenever there is action taken that could impact on the environment,” he said.

Clarke also raised concerns about the membership of the institute, which he said is largely made up of suppliers rather than users so “everything they do is likely to be tainted.”

According to the tender document, the code will be developed in co-operation with the Office of the Federal Privacy Commissioner and should be based on National Privacy Principles as well as conducting five consultations with key stakeholders provided by the institute.

A progress report on the code of conduct will be presented at the Biometrics Institute conference in May.