The fate of biometric data
Josefina Román, commissioner of the Inai, explains that the AIFA recently disincorporated itself from the Secretary of National Defense (Sedena) and acquired its own figure as an obligated subject in terms of transparency.
It details that for the use of systems with facial recognition, a privacy notice must be created in which it is made clear what the destination of the personal data of the users will be, as well as the time in which they will be protected.
“The ideal thing would be to delete (data and photographs) immediately. If the privacy notice says ‘do you prefer that they be kept if you are going to be a frequent user?’ documents, as well as the impact assessment, also the privacy notice,” he says in an interview.
Román considers it necessary for the airport authorities to carry out an impact assessment regarding the protection of personal data, with a timely accompaniment from the Inai and a follow-up of compliance with the corresponding obligations. This process can be carried out on the fly, although the ideal would be for the E-Gates biometric system to come into operation adhering to all the regulations regarding transparency and protection of personal data.
“That document (the evaluation) is going to tell us a lot about those security measures, the risk that at any given moment we could have and everything that has to be worked on to shield personal data,” explains the commissioner.
Juan José Tena, Tec de Monterrey researcher on transparency and anti-corruption, points out that, although the AIFA will have an advanced security system, similar to those used in other airports in cities such as Paris, London, New York and Argentina, among others, users must take the time to read the privacy notice and know exactly the destination of their data and, where appropriate, access their ARCO rights (Access, Rectification, Cancellation and Opposition).