Why and for how long can European governments retain fingerprints under European human rights law? A recent judgment of the European Court of Human Rights sets out parameters that should affect policing practices and could carry broader consequences for the collection and retention of sensitive personal data. The court ruled in M.K. v. France that French authorities violated the applicant’s right to respect for his private life when they retained his fingerprints in a government database after he was acquitted of a crime for which he had been a suspect.
M.K. had been suspected of the theft of a book and had his fingerprints were taken during the ensuing investigation. The prosecutor eventually closed the investigation and issued a decision not to prosecute. Afterward, the applicant unsuccessfully requested the removal of his fingerprint data from a computerised database maintained by the French authorities.
He eventually complained to the European Court that retention of his fingerprint data had infringed on his right to respect for his private life under Article 8 of the European Convention on Human Rights.
In the judgment, issued on April 18, 2013, the court ruled that the protection of personal data was of fundamental importance to a person’s enjoyment of his right to respect for private life, and that the required protections of data were even greater when the data underwent automatic processing and were used for police purposes. It held that any retention of personal data—and the length of time they are retained—must be proportionate to the purposes for which they are stored.
The court rejected the French government’s proffered justifications for retaining the data because they were either insufficiently narrow—they failed to consider the seriousness of the offense and they applied data retention to persons who had not been convicted. The court therefore concluded that the French government failed to strike a proper balance between the public and private interests at stake, and violated M.K.’s Article 8 rights.
The decision could have effects outside the context of policing. The legitimacy of retaining fingerprint data has also come under scrutiny in the case of the contentious Roma census performed by the Berlusconi government in Italy during 2008.
As part of the so-called “Nomad Emergency” declared in 2008 and lasting until December 2011, the Italian government created a census of ethnic Roma in Italy that included the collection of fingerprints, photographs, and other personal information of people living in Roma camps. In order to obtain a housing allowance, residents were required to participate in the Roma census, but it has been shown that the data from the Roma census have subsequently been used for additional purposes, including by immigration authorities and law enforcement.
Elviz Salkanovic, an Italian citizen of Roma origin, was fingerprinted and photographed together with his family prior to the mass eviction from the historic Roma camp “Casilino 900.” When, in November 2011, Salkanovic tried to access his data, he found his fingerprints and picture were still being held by the police in Rome. Shortly afterwards, the Italian government declared to the UN’s Committee on the Elimination of Racial Discrimination (CERD) that these databases had all been deleted.
Represented by Associazione 21 Luglio, Associazion Studi Giuridici sull’Immigrazione, and the Open Society Justice Initiative, Salkanovic filed a petition with the Civil Court of Rome in June 2012 seeking a declaration that the Roma census violated Italian and EU antidiscrimination and data protection law and that the police and other authorities must destroy the census data. A judgment is expected in mid-2013.