Fingerprint-based identity verification for inclusion in travel document

We deploy the algorithm as technical support for verifying whether two fingerprints come from the same finger of the same person. The fingerprints in question are those recorded in the travel document.

Fingerprints are only used to check a person's identity (identity verification) if there is doubt about the authenticity of the travel document and the holder's identity. Before taking fingerprints, we first check the authenticity of the travel document and the identity of the holder with a facial image. There is more on fingerprinting in this situation in recital 19 of Regulation 2019/1157. Using fingerprints for identity verification together with facial comparison is an appropriate way to establish a person's identity. It reduces the susceptibility to fraud, allowing us to better secure travel documents.

We monitor and carry out the verification process under the guidance of the designated employee. Among other things, this employee checks: 1) whether the applicant's fingertips contain prostheses, whether the fingerprints are fake or whether the fingertips are deliberately damaged, and 2) whether the applicant does not present fingers incorrectly or swap fingers or hands.

No basic security test was taken

The legal basis for both the first and second cases lie in Regulation (EC) 2252/2004* and Regulation (EU) 2019/1157** . These regulations provide, among other things, that the fingerprints to be included in passports, travel documents and identity cards can only be used to verify: a) the authenticity of the document and b) the identity of the holder. The provisions are anchored in national legislation, namely in Section 3 of the Passport Act in conjunction with the regulations below: 1. With regard to the first case in which the algorithm is used (quality comparison), Article 28a of the Passport Implementation Regulations Netherlands 2001 describes the manner in which the fingerprints of the applicant for a travel document are recorded and in which cases this may be waived. The quality of the recorded fingerprint(s) is crucial therein (paragraph 2-3)*** 2. That the algorithm can be deployed for identity verification upon issue is articulated in Article 4.6 of the Passport Decree. With the deployment of the algorithm, biometric data and thus special personal data are processed within the meaning of the General Data Protection Regulation (AVG). In principle, the AVG prohibits the processing of special personal data. However, the national legislator has used the space for member states to create exemptions for processing special personal data for reasons of public interest (Article 9(2) AVG). Article 29 of the AVG Implementation Act allows processing of biometric data for the purpose of unique identification if the processing is necessary for authentication and security purposes * Article 4(3) of Council Regulation (EC) 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States. ** Article 11(6) of the Regulation (EU) 2019/1157 of the European Parliament and of the Council of 20 June 2019 on enhancing the security of identity cards of Union citizens and of residence documents issued to Union citizens and their family members exercising their right to free movement. *** See also Article 40a of the Passport Implementation Regulations Caribbean countries and Article 42a of the Passport Implementation Regulations Abroad 2001.

- General Data Protection Regulation Implementation Act - Passport Regulation (Regulation (EC) No 2252/2004) - Identity Cards Regulation EU 2019/1157 Separate datasets are used for training, testing and validation. Training, testing and validation datasets contain representative data of global populations.

A fingerprint matching algorithm compares two fingerprint images and gives a decision of match or no match.