Legal Problems Regarding Personal Data Protection for Biometrics

Authors

  • Sangravee Vipulakom สาขานิดิศาสตร์
  • Saravuth Pitiyasak

Keywords:

Personal Data Protection, Biometrics Data, Lawful Basis, Biometrics Security

Abstract

The objectives of this thesis are to (1) study concepts relating to personal data, biometrics  data, and general characteristics of biometric technology; (2) compare personal data privacy laws on biometrics among various countries, and (3) examine problems concerning Thailand’s personal data protection for biometrics.

The results of the study are to improve the Personal Data Protection Act 2019 as follow: (1) The term "biometrics" and the definition given may be ambiguous and tend not to support the rapid advancement of technology.  The definition should therefore be adjusted accordingly; (2) The conditions for processing of biometrics are already suitable to cover the rights of the data subjects; (3) The security of biometrics should be based on international standards and use both “protection by design” and “protection by default”.  Impact assessment and the justifications for using biometrics should always be done prior to the decision to use biometrics technology.   If the result of the impact assessment is “high impact” then approval from the supervisory authority should be obtained prior to the use of biometrics; (4) Data subjects should be able to file complaints or lawsuits on biometrics violations without having to proof actual or financial damages. The loss of control or the simple violation of the data subject rights should be a sufficient cause for filing complaints or lawsuits; (5) Penalties for violations relating to biometrics under Personal Data Protection Act 2019 should be set per data subject instead of per violation.  This will be a deterrence to data controller and encourage them to put in place proper security measures.

References

Alcohol's Effects on Eye Health. Retrieved from https://guardionhealth.com/alcohols-effect-eye-health/

Clarke, R. (1997). Introduction to Dataveillance and Information Privacy, and Definitions of Terms. In X. Consultancy (Ed.). Retrieved from http://www.rogerclarke.com/DV/Intro.html

Coseraru, R. (2017). Facial Recognition Systems and their Data Protection Risks Under the GDPR. (Master Thesis ), Tilburg University, Retrieved from http://arno.uvt.nl/show.cgi?fid=143731

Covington & Burling LLP. (2019). Landmark Case Opens the Door to UK Data Protection Consumer Class Actions. Retrieved from https://www.cov.com/en/news-and-insights/insights/2019/10/landmark-case-opens-the-door-to-uk-data-protection-consumer-class-actions

Friedewald, M., Finn, R., & Wright, D. (2013). Seven Types of Privacy. Retrieved from https://www.researchgate.net/publication/258892458_Seven_Types_of_Privacy

Hall, J. A., & Kimura, D. (1994). Dermatoglyphic Asymmetry and Sexual Orientation in Men. Behavioral Neuroscience, 108(6), 1203-1206.

Kent, J. (2005). Malaysia car thieves steal finger. Retrieved from http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

Kindt, E. J. (2013). Privacy and Data Protection Issues of Biometrics Applications. New York: Springer.

Pfitzmann, A. (2008). Biometrics - How to Put to Use and How Not at All? In S. Furnell, S. K. Katsikas, & A. Lioy (Eds.), Trust, Privacy and Security in Digital Business, LNCS (Vol. 5185, pp. 3-5). Springer-Verlag Berlin Heidelberg: TrustBus 2008.

Saravuth Pitiyasak (2018). Cloud Computing Policy and Personal Data Protection in the Cloud among the European Union, the United States, Australia and ASEAN : A Thailand Perspective. Thailand Research Fund (TRF) (in Thai).

Scharr, J. (2014). iPhone Hack Fools Touch ID with Hand Photos. Tom's Guide. Retrieved from https://www.tomsguide.com/us/iphone-touch-id-hack,news-20066.html

Smith, M., Mann, M., & Urbas, G. (2018). Biometrics, Crime and Security. New York: Routledge.

Supawat Malanon, & Chinopass Udomphol (2020). ISO 27001 Standard and Personal Data Protection Act. Kaohoon Business Online. Retrieved from Kaohoon Business Online News website: https://www.kaohoon.com/content/379182 (in Thai).

Thammasat University-Research and Consultancy Institute. (2015). A complete report on the Study and Development of Personal Data Protection Guidelines under the ASEAN Community. Retrieved from http://www.oic.go.th/FILEWEB/CABIWEBSITE/DRAWER01/GENERAL/DATA0007/00007559.PDF (in Thai).

Toli, C.-A. (2018). Secure and Privacy-Preserving Biometric Systems. (Doctor of Engineering Science (PhD)), Katholieke Universiteit Leuven, Retrieved from https://www.esat.kuleuven.be/cosic/publications/thesis-308.pdf

Downloads

Published

2022-05-12

How to Cite

Vipulakom, S., & Pitiyasak, S. . (2022). Legal Problems Regarding Personal Data Protection for Biometrics. Sukhothai Thammathirat Open University Journal, 34(2), 36–59. retrieved from https://so05.tci-thaijo.org/index.php/stouj/article/view/250712

Issue

Vol. 34 No. 2 (2021): July - December 2021

Section

Research Articles

License

Copyright (c) 2022 Sukhothai Thammathirat Open University

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

บทความที่ได้รับการตีพิมพ์เป็นลิขสิทธิ์ของวารสารมหาวิทยาลัยสุโขทัยธรรมาธิราช

ข้อความที่ปรากฏในบทความแต่ละเรื่องในวารสารวิชาการเล่มนี้เป็นความคิดเห็นส่วนตัวของผู้เขียนแต่ละท่านไม่เกี่ยวข้องกับมหาวิทยาลัยสุโขทัยธรรมาธิราช และคณาจารย์ท่านอื่นๆในมหาวิทยาลัยฯ แต่อย่างใด ความรับผิดชอบองค์ประกอบทั้งหมดของบทความแต่ละเรื่องเป็นของผู้เขียนแต่ละท่าน หากมีความผิดพลาดใดๆ ผู้เขียนแต่ละท่านจะรับผิดชอบบทความของตนเองแต่ผู้เดียว

ห้ามนำข้อความทั้งหมด หรือบางส่วนไปพิมพ์ซ้ำ เว้นแต่จะได้รับอนุญาตจากกองบรรณาธิการวารสาร