General Approach of the Council of Europe on the Protection of Biometric and Genetic Data
Yıl 2024,
Sayı: 60, 343 - 374, 25.10.2024
Songül Atak
Öz
The most important European Council document in the field of personal data is “The Convention for the Protection of Individual with Regard to Automatic Processing of Personal Data”. The Convention adopted by the Council of Europe in 1981 and came into force in 1985.
The European Convention on Human Rights that adopted by the Council of Europe in 1950 also provides protection for personal data. Despite the fact that there is no clear provision about personal data, The European Human Rights Court has examined complaints with regard to alleged violations of personal data. The Court notes that the rights of private life which protected in article 8 of the Convention extends to aspects relating to personal data.
Biometric and genetic data are sensetive data those take part within personal data and need to be protected more strongly. Specially because of technological progress taking place during recent years, the need of protection of these data has increased. The Council of Europe has taken this reality into consideration and made important regulations in this field.
In this study, the documents which adopted by the Council of Europe about the protection of biometric and genetic data and the views of The European Human Rights Court in this field have been reviewed.
Etik Beyan
This article is not subject to Ethics Committee permission
Kaynakça
- Bennett C.J ve Raab C.D, The Governance of Privacy Policy Instruments in Global Perspective, (Ashgate Publishing Company, England, 2004).
- Beyleveld D ve Taylor M.J. “Data protection, Genetics and Patents for Biotechnology”, (2007) 14 European Journal of Health Law, 177-187.
- Bouchagiar G, Recognised and Harmed, a Classification Approach to Facial Recognation Technologies, (Ethics International Press Ltd, UK 2023).
- Dixon P, “A Failure to “Do No Harm”– India’s Aadhaar Biometric ID Program and Its Inability to Protect Privacy in Relation to Measures in Europe and the U.S.”, (2017) 7(4), Health Technol.(Berl), 539-567.
- De Gorgey A, “The Advent of DNA Databanks: Implications for Information Privacy”, (1990) XVI (3) American Journal of Law and Medicine, 381-398.
- Fernandez H.K, “Genetic Privacy, Abandonment, and DNA Dragnets: Is Fourth Amendment Jurisprudence Adequate?”, (2005) 35 (1) The Hastings Center Report, 21-23.
- Gertz R., “Is it ‘Me’ or ‘We’? Genetic Relations and the Meaning of ‘Personal Data’ Under the Data Protection Directive”, (2004) 11 European Journal of Health Law, 231-244.
- Hert P.D ve Christianen K, “Progress Report on The Application of the Principles of Convention 108 to the Collection and Processing of Biometric Data”, (2013), Tilburg Institute for Law, Technology, and Society (TILT) (https://rm.coe.int/progress-report-on-the-application-of-the-principles-of-convention-108/1680744d81) Erişim Tarihi: 01.06.2024.
- Hodge J.G, “Privacy and Antidiscrimination Issues: Genetics Legislation in the United States”, (1998) 1(3) Community Genetics, 169-174.
- Hondius F.W, “Protecting Medical and Genetic Data”, (1997) 4 European Journal of Health Law, 361-388.
- Kwiatkowski P, “European Court of Human Rights Case Law on Genetic Information in the Scope of International Biomedical Law”, (2020) 11 Adam Mickiewicz University Law Review, 119-137.
- McCormack D, “Can Corporate America Secure Our Nations? An Analysis of the Identix Framework for the Regulation and Use of Facial Recognition Technology”, (2003) 9(1) Issue 1, Boston University Journal of Science & Technology Law, 128-155.
- Mclaughlin M.M ve Vaupel S, “Constitutional Right of Privacy and Investigative Consumer Reports: Little Brother is Watching You”, (1975) 2 (3) Hasting Constitutional Law Quarterly, 773-828.
- Milligan C.S, “Facial Recognition Technology, Video Surveillance, and Privacy”, (1999) 9 (1) Southern California Interdisciplinary Law Journal, 295-333.
- Murauskas D, “Predictive Analytics in crime Prevention and the European Convention on Human Rights: Tackling Risks in Privacy and Fair Trial Frameworks”, (2021) 97 Acta Universitatis Lodziensis Folia Iuridica, 225-250.
- Nelkin D ve Andrews L, “Surveillance Creep in the Genetic Age”, David Lyon (edt), Surveillance as Social Sorting Privacy, Risk and Digital Discrimination, (Routledge, 2003) 94-109.
- Pearce G ve Platten N, “Achieving Personal Data Protection in the European Union”, (1998) 36 (4) Journal of Common Market Studies, 529-547.
- Rezende I.N, “Glukhin and the EU regulation of facial recognition: Lessons to be learned?”, 19 September 2023, European Law Blog, News and Comments on EU Law, (https://europeanlawblog.eu/2023/09/19/glukhin-and-the-eu-regulation-of-facial-recognition-lessons-to-be-learned/) Erişim Tarihi: 19.05.2024.
- Sarfraz N, “Adermatoglyphia: Barriers to Biometric Identification and the Need for a Standardized Alternative”, (2019) 11 (2) Cureus, 1-12.
- Schwartz P.M, “European Data Protection Law and Restrictions on International Data Flows”, (1995) 80 (3) IOWA Law Review, 471-496.
- Smith M ve Miller S, “The Ethical Application of Biometric Facial Recognition Technology”, (2022) 37, AI & SOCIETY, 167-175.
- Sykes C.J, The End of Privacy, Personal Rights in the Surveillance Society, (St. Martin’s Press, 1999).
- Biyometrik Verilerin İşlenmesinde Dikkat Edilmesi Gereken Hususlara İlişkin Rehber, Kişisel Verleri Koruma Kurulu yayını, (https://www.kvkk.gov.tr/Icerik/7047/Biyometrik-Verilerin-Islenmesinde-Dikkat-Edilmesi-Gereken-Hususlara-Iliskin-Rehber) Erişim Tarihi: 07.05.2024.
- Convention for the Protection of Individual with Regard to Automatic Processing of Personal Data, Strasbourg, 28.I.1981, European Treaty Series-No.108 (https://rm.coe.int/1680078b37) Erişim Tarihi: 25.05.2024.
- Convention for the Protection of Human Rights and Fundamental Freedoms, Rome, 4.XI.1950, European Treaty Series - No. 5 (https://rm.coe.int/1680063765) Erişim Tarihi:17.04.2024.
- Convention for the Protection of Human Rights and Dignity of the Human Being with Regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine, 4.IV.1997, European Treaty Series-No.164. (https://rm.coe.int/168007cf98) Erişim Tarihi: 17.05.2024.
- Guidelines on facial recognition. Adopted by the Consultative Committee of the Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108), Council of Europe, June 2021 (https://rm.coe.int/guidelines-facial-recognition-web-a5-2750-3427-6868-1/1680a31751) Erişim Tarihi: 10.05.2024.
- Guide to the preparation of contractual clauses governing data protection during the transfer of personel data to third parties not bound by an adequate level of data protection (2002) Prepared by the Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (T-PD) in 2002 (https://rm.coe.int/090000168068416c) Erişim Tarihi: 01.06.2024.
- Protection of Freedoms Act 2012 (https://www.legislation.gov.uk/ukpga/2012/9/introduction/enacted) Erişim Tarihi: 10.06.2024.
- Parliament of the United Kingdom House of Commons, Science and Technology Committee Sixth Report Current and future uses of biometric data and Technologies, (https://publications.parliament.uk/pa/cm201415/cmselect/cmsctech/734/73402.htm) Erişim tarihi: 10.06.2024.
- Protocol amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, 10.X.2018, Council of Europe Treaty Series - No. 223 (https://rm.coe.int/16808ac918) Erişim Tarihi:01.05.2024.
- Progress report on the application of the principles of Convention 108 to the collection and processing of biometric data (2005) (https://rm.coe.int/16806840ba) Erişim Tarihi: 08.05.2024.
- Recommendation No. R (92) 1 on the Use of Analysis of Deoxyribonucleic Acid (DNA) within the Framework of the Criminal Justice System, Adopted by the Committee of Ministers on 10 February 1992 at the 470th meeting of the Ministers’ Deputies (10.02.1992) (https://rm.coe.int/16804e54f7) Erişim tarihi: 17.05.2024.
- Recommendation No. R (97) 5 on the Protection of Medical Data Adopted by the Committee of Ministers on 13 February 1997 at the 584th meeting of the Ministers’ Deputies (13.02.1997) (https://rm.coe.int/cmrec-97-5-on-the-protection-of-medical-data/1680a43b64) Erişim Tarihi: 18.05.2024.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679) Erişim Tarihi: 08.05.2024.
- Regulation (EC) No 444/2009 of the European Parliament and of the Council of 28 May 2009 amending Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32009R0444) Erişim Tarihi: 11.04.2024.
- The Parliamentary Assembly of the Council of Europe, The need for a global consideration of the human rights implications of biometrics, Resolution 1797 (2011) (https://assembly.coe.int/nw/xml/XRef/Xref-XML2HTML-EN.asp?fileid=17968&lang=en) Erişim Tarihi: 04.06.2024.
- The report of the United Nations High Commissioner for Human Rights of 24 June 2020 entitled “Impact of new technologies on the promotion and protection of human rights in the context of assemblies, including peaceful protests” (UN Doc. A/HRC/44/24) (https://documents.un.org/doc/undoc/gen/g20/154/35/pdf/g2015435.pdf?token=qeCXaTMihZum8H9y2e&fe=true) Erişim Tarihi: 11.05.2024.
BİYOMETRİK VE GENETİK VERİLERİN KORUNMASI KONUSUNDA AVRUPA KONSEYİ’NİN GENEL YAKLAŞIMI
Yıl 2024,
Sayı: 60, 343 - 374, 25.10.2024
Songül Atak
Öz
Kişisel verilerin korunması konusunda Avrupa Konseyi tarafından hazırlanan en önemli belge “Kişisel Verilerin Otomatik İşleme Tabi Tutulma Sürecinde Bireylerin Korunmasına İlişkin 108 sayılı Sözleşme”dir. Sözleşme 1981 yılında kabul edilmiş ve 1985 yılında yürürlüğe girmiştir.
Avrupa Konseyi tarafından 1950 yılında kabul edilmiş olan Avrupa İnsan Hakları Sözleşmesi de doğrudan kişisel verilerle ilgili açık bir düzenleme içermemekle beraber, Avrupa İnsan Hakları Mahkemesi konuyla ilgili olarak vermiş olduğu kararlarda Sözleşmenin 8. maddesinde düzenlenmiş olan özel yaşam hakkının kişisel veriler açısından da koruma sağladığını belirtmiş ve bu konuda yapılan başvuruları kabul ederek karara bağlamıştır.
Biyometrik ve genetik veriler kişisel veriler içinde yer alan ve daha güçlü bir korumayı gerektiren hassas verilerdir. Özellikle son yıllarda gerçekleşen teknolojik gelişmeler bu verilerin korunmasına duyulan ihtiyacı daha da artırmaktadır. Bu durumu dikkate alan Avrupa Konseyi bu alanda önemli düzenlemeler yapmıştır.
Bu çalışmada, biyometrik ve genetik verilerin korunması alanında Avrupa Konseyi tarafından kabul edilen belgeler incelenmiş ve Avrupa İnsan Hakları Mahkemesinin bu alanda vermiş olduğu kararlar değerlendirilmiştir.
Etik Beyan
Bu makale Etik Kurul iznine tabi değildir
Kaynakça
- Bennett C.J ve Raab C.D, The Governance of Privacy Policy Instruments in Global Perspective, (Ashgate Publishing Company, England, 2004).
- Beyleveld D ve Taylor M.J. “Data protection, Genetics and Patents for Biotechnology”, (2007) 14 European Journal of Health Law, 177-187.
- Bouchagiar G, Recognised and Harmed, a Classification Approach to Facial Recognation Technologies, (Ethics International Press Ltd, UK 2023).
- Dixon P, “A Failure to “Do No Harm”– India’s Aadhaar Biometric ID Program and Its Inability to Protect Privacy in Relation to Measures in Europe and the U.S.”, (2017) 7(4), Health Technol.(Berl), 539-567.
- De Gorgey A, “The Advent of DNA Databanks: Implications for Information Privacy”, (1990) XVI (3) American Journal of Law and Medicine, 381-398.
- Fernandez H.K, “Genetic Privacy, Abandonment, and DNA Dragnets: Is Fourth Amendment Jurisprudence Adequate?”, (2005) 35 (1) The Hastings Center Report, 21-23.
- Gertz R., “Is it ‘Me’ or ‘We’? Genetic Relations and the Meaning of ‘Personal Data’ Under the Data Protection Directive”, (2004) 11 European Journal of Health Law, 231-244.
- Hert P.D ve Christianen K, “Progress Report on The Application of the Principles of Convention 108 to the Collection and Processing of Biometric Data”, (2013), Tilburg Institute for Law, Technology, and Society (TILT) (https://rm.coe.int/progress-report-on-the-application-of-the-principles-of-convention-108/1680744d81) Erişim Tarihi: 01.06.2024.
- Hodge J.G, “Privacy and Antidiscrimination Issues: Genetics Legislation in the United States”, (1998) 1(3) Community Genetics, 169-174.
- Hondius F.W, “Protecting Medical and Genetic Data”, (1997) 4 European Journal of Health Law, 361-388.
- Kwiatkowski P, “European Court of Human Rights Case Law on Genetic Information in the Scope of International Biomedical Law”, (2020) 11 Adam Mickiewicz University Law Review, 119-137.
- McCormack D, “Can Corporate America Secure Our Nations? An Analysis of the Identix Framework for the Regulation and Use of Facial Recognition Technology”, (2003) 9(1) Issue 1, Boston University Journal of Science & Technology Law, 128-155.
- Mclaughlin M.M ve Vaupel S, “Constitutional Right of Privacy and Investigative Consumer Reports: Little Brother is Watching You”, (1975) 2 (3) Hasting Constitutional Law Quarterly, 773-828.
- Milligan C.S, “Facial Recognition Technology, Video Surveillance, and Privacy”, (1999) 9 (1) Southern California Interdisciplinary Law Journal, 295-333.
- Murauskas D, “Predictive Analytics in crime Prevention and the European Convention on Human Rights: Tackling Risks in Privacy and Fair Trial Frameworks”, (2021) 97 Acta Universitatis Lodziensis Folia Iuridica, 225-250.
- Nelkin D ve Andrews L, “Surveillance Creep in the Genetic Age”, David Lyon (edt), Surveillance as Social Sorting Privacy, Risk and Digital Discrimination, (Routledge, 2003) 94-109.
- Pearce G ve Platten N, “Achieving Personal Data Protection in the European Union”, (1998) 36 (4) Journal of Common Market Studies, 529-547.
- Rezende I.N, “Glukhin and the EU regulation of facial recognition: Lessons to be learned?”, 19 September 2023, European Law Blog, News and Comments on EU Law, (https://europeanlawblog.eu/2023/09/19/glukhin-and-the-eu-regulation-of-facial-recognition-lessons-to-be-learned/) Erişim Tarihi: 19.05.2024.
- Sarfraz N, “Adermatoglyphia: Barriers to Biometric Identification and the Need for a Standardized Alternative”, (2019) 11 (2) Cureus, 1-12.
- Schwartz P.M, “European Data Protection Law and Restrictions on International Data Flows”, (1995) 80 (3) IOWA Law Review, 471-496.
- Smith M ve Miller S, “The Ethical Application of Biometric Facial Recognition Technology”, (2022) 37, AI & SOCIETY, 167-175.
- Sykes C.J, The End of Privacy, Personal Rights in the Surveillance Society, (St. Martin’s Press, 1999).
- Biyometrik Verilerin İşlenmesinde Dikkat Edilmesi Gereken Hususlara İlişkin Rehber, Kişisel Verleri Koruma Kurulu yayını, (https://www.kvkk.gov.tr/Icerik/7047/Biyometrik-Verilerin-Islenmesinde-Dikkat-Edilmesi-Gereken-Hususlara-Iliskin-Rehber) Erişim Tarihi: 07.05.2024.
- Convention for the Protection of Individual with Regard to Automatic Processing of Personal Data, Strasbourg, 28.I.1981, European Treaty Series-No.108 (https://rm.coe.int/1680078b37) Erişim Tarihi: 25.05.2024.
- Convention for the Protection of Human Rights and Fundamental Freedoms, Rome, 4.XI.1950, European Treaty Series - No. 5 (https://rm.coe.int/1680063765) Erişim Tarihi:17.04.2024.
- Convention for the Protection of Human Rights and Dignity of the Human Being with Regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine, 4.IV.1997, European Treaty Series-No.164. (https://rm.coe.int/168007cf98) Erişim Tarihi: 17.05.2024.
- Guidelines on facial recognition. Adopted by the Consultative Committee of the Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108), Council of Europe, June 2021 (https://rm.coe.int/guidelines-facial-recognition-web-a5-2750-3427-6868-1/1680a31751) Erişim Tarihi: 10.05.2024.
- Guide to the preparation of contractual clauses governing data protection during the transfer of personel data to third parties not bound by an adequate level of data protection (2002) Prepared by the Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (T-PD) in 2002 (https://rm.coe.int/090000168068416c) Erişim Tarihi: 01.06.2024.
- Protection of Freedoms Act 2012 (https://www.legislation.gov.uk/ukpga/2012/9/introduction/enacted) Erişim Tarihi: 10.06.2024.
- Parliament of the United Kingdom House of Commons, Science and Technology Committee Sixth Report Current and future uses of biometric data and Technologies, (https://publications.parliament.uk/pa/cm201415/cmselect/cmsctech/734/73402.htm) Erişim tarihi: 10.06.2024.
- Protocol amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, 10.X.2018, Council of Europe Treaty Series - No. 223 (https://rm.coe.int/16808ac918) Erişim Tarihi:01.05.2024.
- Progress report on the application of the principles of Convention 108 to the collection and processing of biometric data (2005) (https://rm.coe.int/16806840ba) Erişim Tarihi: 08.05.2024.
- Recommendation No. R (92) 1 on the Use of Analysis of Deoxyribonucleic Acid (DNA) within the Framework of the Criminal Justice System, Adopted by the Committee of Ministers on 10 February 1992 at the 470th meeting of the Ministers’ Deputies (10.02.1992) (https://rm.coe.int/16804e54f7) Erişim tarihi: 17.05.2024.
- Recommendation No. R (97) 5 on the Protection of Medical Data Adopted by the Committee of Ministers on 13 February 1997 at the 584th meeting of the Ministers’ Deputies (13.02.1997) (https://rm.coe.int/cmrec-97-5-on-the-protection-of-medical-data/1680a43b64) Erişim Tarihi: 18.05.2024.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679) Erişim Tarihi: 08.05.2024.
- Regulation (EC) No 444/2009 of the European Parliament and of the Council of 28 May 2009 amending Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32009R0444) Erişim Tarihi: 11.04.2024.
- The Parliamentary Assembly of the Council of Europe, The need for a global consideration of the human rights implications of biometrics, Resolution 1797 (2011) (https://assembly.coe.int/nw/xml/XRef/Xref-XML2HTML-EN.asp?fileid=17968&lang=en) Erişim Tarihi: 04.06.2024.
- The report of the United Nations High Commissioner for Human Rights of 24 June 2020 entitled “Impact of new technologies on the promotion and protection of human rights in the context of assemblies, including peaceful protests” (UN Doc. A/HRC/44/24) (https://documents.un.org/doc/undoc/gen/g20/154/35/pdf/g2015435.pdf?token=qeCXaTMihZum8H9y2e&fe=true) Erişim Tarihi: 11.05.2024.