The European Union is working on a new set of specifications for ID cards of its member states. The specification is set to be aligned on the ICAO MRTD (Machine Readable Travel Documents) one for passports. Announcing an aggressive planning, the European Parliament expects member states to start issuing new ID documents within the next two years, replacing the existing 250 different types of ID cards currently issued by the European member states issued to their citizens and permanent residents. In addition, current cardholders will have to replace their cards within five or ten years according to their degree of security. As of now, it is estimated that around 80 million ID cards in the EU are not machine readable and do not contain biometric data.
The new ID documents will be compliant with the ID-1 format with a machine readable zone, include a contactless chip that will carry the cardholder’s photo and two fingerprints, and it will have to bear EU symbols in addition to national ones. Gerard Deprez, project Rapporteur for the European Parliament, declared that this Regulation does not allow the creation of a European biometric database, as biometric elements will be kept by governments only during the needed time between enrolment and card issuance. He adds that access and usage of biometric data will be strictly controlled.
At the same time, a project in on the table to revise the EU’s Visa Information System (VIS) and to bring interoperability between Entry-Exit System, Visa Information System, European Travel Information and Authorization System, the Schengen Information System, and the European Criminal Records Information System for Third Country Nationals, thanks to an increased use of biometrics. The European Union Agency for Fundamental Rights (FRA) says that fingerprint data should be protected from misuse by adequate safeguards and that the biometrics of certain vulnerable populations, including children, the elderly and those with disabilities may be less reliable. This move will lead to the creation of the Common Identity Repository (CIR), merging previously separate systems tracking migration, travel and crime, set to unify records on over 350 million people, almost all non-EU citizens in the Schengen area. It will also include data on some EU citizens. Per its design, CIR will aggregate both identity records (names, dates of birth, passport numbers, and other identification details) and biometrics (fingerprints and facial scans) and make its data available to all border and law enforcement authorities.
Consequently, privacy advocates are criticizing the project, calling CIR's creation as the “point of no return” in creating “a Big Brother centralized EU state database.” According to ZDNet, “Once up and running, CIR will become one of the biggest people-tracking databases in the world, right behind the systems used by the Chinese government and India’s Aadhar system.” According to news organization Politico Europe, “the database will grant officials access to a person’s verified identity with a single fingerprint scan.” Questions remain open as whether such a database is an appropriate answer to the identified need and is event compliant with EU principles and regulations including GDPR, which states that personal data must be “collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”