A bill expected to be presented to the Finnish Parliament today will require all citizens and anyone who applies for a passport or travel documents through Finland’s borders to end up in a centralized fingerprint database. This information will not only be accessible to customs and immigrations officials, but also by police. The justification for such action lays in the June 28th European Union’s Member State travel document requirements.
This seems to fly in the face of EU’s Privacy Protection Directive, and a long history of pro-privacy government. Finland was one of the early participants of a group called the Organization for Economic Cooperation and Development (OECD), signing up in 1969. The OECD’s eight privacy principals served as a baseline for private data handling within member states and included such items as collecting the minimum amount of information necessary and limitations of use for any data collected.
Finland’s not the first country to register this sort of information – Singapore’s been doing this for several years. They keep all of their citizen’s data (including fingerprints) in one big database called the Central Identification and Registration Information System (CIRIS). It not only covers Singaporian’s, but includes anyone that passes through their customs and immigration checkpoints. Granted, it’s protected through several security mechanisms, they’re a much smaller country land-wise and not affiliated with Europe or it’s wartime past indiscretions, but the population difference is less than 600K in Singapore’s favor and the economic influence of the tiny island can’t be ignored.
Why the parallels to Singapore you may ask? Pedigree. Singapore is part of the Asia-Pacific Economic Cooperation and (mostly) abides by the APEC privacy framework. The nine principles of the APEC privacy framework mirrors the OECD’s eight, including both the Collection Limitation and Use Limitation principles. The CIPP covers all of this history and evolution between the various privacy assurance concepts.
Finland might look over some of Singapore’s justifications for private data centralization in selling this to their citizens. Are they collecting the fingerprints just to have them on file? Maybe someone somewhere might do something criminal?
The Google translation of the Finnish government’s statement is here.