Obstruction efforts by the Conservative People’s Party (EKRE) have seen the work of the Riigikogu hindered over ABIS – the automatic biometric identification system database that comprises people’s fingerprints and facial images. More than a few aspects of the bill spark uncertainty.
ABIS holds uncertainty for the future
The ABIS bill was first sent out for coordination by then Interior Minister Mart Helme (EKRE) last fall. Helme said that the initial aim of the bill was to create a new IT solution in place of old databases, while “the bill morphed into an attempt to create a super database following the initiative of officials,” which caused it to get stuck in the previous government due to opposition from the national conservatives.
Helme’s successor in the ministry Alar Laneman (EKRE) emphasized that EKRE are not against the bill as one needs to keep up with technological advancements. However, the opposition party is critical of several details regarding which its amendment proposals were not heeded. “No law remains unchanged going from an initiative to being passed. Amendments are a natural process,” Laneman said.
Minister of the Interior Kristian Jaani (Center Party) said that no existing rules of personal data processing will be amended. “ABIS will not introduce new legal grounds for the processing of personal data and will instead see the creation of a standalone database in order to adopt modern technical solutions.” For that purpose, fingerprints and photographs of people, or their biometric data, currently processed in one database will be separated from their biographic data, such as name and personal identification code.
Laneman described the initiative as a good idea with a but. “Why this reluctance to introduce guarantees in the bill? There were several questionable aspects. Firstly, what kind of data is collected exactly. Who has access to the database? And perhaps the most covert and most important aspect is that any such capacity should clearly follow democratic process. Any future plans for adding more data or rendering the project even more powerful should be subject to control on the legislative level.”
Laneman also raised security concerns, pointing out several recent issues involving databases. “It is often the same group of companies and specialists handling these matters in our small country. I believe we have reason to delve deep and ask whether we have received answers to all our questions,” Laneman said, adding that he is disappointed the process has been rendered political.
Former state internal security expert Erkki Koort sees the need for greater emphasis on parliamentary or civil control.
“The current measure of civil control and the parliament’s ability to realistically keep tabs on various aspects remains questionable at present,” Koort found.
The media has previously written about the interior ministry’s promise to keep fingerprints used to issue travel documents separate from those used in criminal proceedings. This condition will be abolished in the new database.
Koort, who served as deputy secretary general of the ministry, says there was a the plan to keep the two fingerprint databases separate and that he does not know what caused things to change. He suggests changes started happening when the Police and Border Guard Board merger took place. This brought the citizenship and migration authority that had until then been in possession of the fingerprints database under the same roof with the police.
However, Koort does not see the bill as problematic in the grand scheme of things as Estonia has been working on this matter on the EU level for years. “We can look at the example of a European country that compared its criminal and asylum seekers fingerprint databases and found that every sixth set was a match. Without making the comparison, a lot more resources would have been spent on identifying violators, including people coming from the outside.” He added that it it insensible to render one’s country more expensive and inefficient by refusing to use existing data.
Sworn lawyer Leon Glikman sees the bill as problematic first and foremost from the point of view of legal certainty and good legislative practice. “Because the state initially promised to use fingerprints and facial recognition data solely for identification purposes and is now seeking to expand that use to criminal proceedings, the bill would have required a much broader public debate,” Glikman said, pointing to the right not to incriminate oneself. “Surrendering one’s biometric data, one is unfortunately doing just that,” the legal expert said.
Possibilities of science
Glikman does not agree with those who claim the state should not collect biometric data at all as it would be foolish not to take advantage of scientific advancement. “The European Court of Human Rights has said that adoption of new technical tools opens the door to extensive basic rights infringement, which is why the law must be especially thorough in prohibiting misuse. The current bill should be rendered more detailed to ensure use of data following the principle of ultima ratio.”
Glikman said that the main aim of data processing should be identification, the list of officials with access to and responsibility for the integrity of data should be disclosed and every instance of data being accessed recorded, and the person whose right to privacy was breached should be notified immediately, alongside being given financial compensation.