Committee rules against expanding biometric data collection

A parliamentary committee reviewing the Government’s second tranche of national security legislation has recommended against allowing law enforcement agencies to expand the types of biometric data collected at Australian airports.

The ‘foreign fighters’ bill’ [pdf] - which is targeted at preventing and disrupting domestic terrorist threats by, in some cases, criminalising travel to conflict zones - also includes measures that would result in a major expansion of facial recognition imaging of Australians and non-citizens passing through international airports.

The draft legislation allows for all Australians as well as foreigners to be photographed when they leave Australia and on their return if they use the existing SmartGate systems and eGates at Australia's major international airports. Previously this was limited to non-citizens.

The bill also opens up the possibility of expanding the biometric data - which currently involves a person’s passport photo - to include fingerprint and iris scans, without needing to introduce new legislation.

The Department of Immigration and Border Protection, and Customs would be able to share the biometric information with other government agencies for unexplained "specified purposes" the bill states.

"Should the need arise, and technology improve, other personal identifiers such as a person's fingerprints or iris scan may be prescribed in the Migration Regulations," the bill’s memorandum states.

But the parliamentary committee tasked with reviewing the bill today said the ability to prescribe the collection of additional categories of biometric information should be removed.

“Should this information be required by relevant agencies to ensure Australia’s border security, further legislative amendments should be proposed by the Government and referred to this Committee with appropriate time for inquiry and report," it wrote in its final report [pdf].

It also said the Government should consult with Australia’s Privacy Commissioner and conduct a privacy impact statement before putting forward any future bills to authorise the collection of additional biometric data such as fingerprints and iris scans.

“The Committee has significant concerns about the amendments contained in Schedule 5 that will permit additional categories of biometric data (such as fingerprints and iris scans) to be added to the Migration Regulations without those proposals being subject to sufficient parliamentary approval or public comment,” the committee members stated in the report.

“The Committee appreciates the need for laws to accommodate changes in technology. However, given the sensitive nature of this data, the Committee considers that listing the collection of more personal information (such as fingerprints and iris scans) in regulations is an inappropriate mechanism for such an important policy.

“A formal legislative amendment would be a more appropriate avenue to scrutinise these proposals. The Committee recommends the provisions in the Bill that would allow the collection of this additional information be prescribed in regulations at some later point in time be removed from the Bill."

The committee similarly recommended that the data collected and stored by the Department of Immigration and Border Protection or Customs be subject to a privacy assessment by the Privacy Commissioner, with the result to be reported to the Attorney-General by 30 June next year.

The committee said while it was “generally supportive” of the amendment, the quantity of sensitive personal information proposed to be collected, stored, shared and used by government agencies meant a review of the measure taken to protect the privacy of the information was required.

Immigration was earlier this year investigated by the Privacy Commissioner for inadvertently leaking the personal details of 10,000 asylum seekers on its website.

The foreign fighters' bill is the second of three tranches of legislation the Government will introduce governing national security.

The first involved an expansion of ASIO's warranted access powers, and the third is likely to involve a mandatory data retention scheme for telecommunications and internet service providers.