The law proposing the introduction of a new biometric ID for French citizens has been found unconstitutional by the French Constitutional Council. More than 200 members of the French Parliament had referred the law to the Constitutional Council on 7 March 2012, a day after the French National Assembly passed the 10-article law under the pretext of combating “identity fraud”.
According to the bill, more than 45 million individuals in France would have their fingerprints and digitised faces stored in what would be the largest biometric database in the country. The biometric ID card was to include a compulsory chip containing personal information, such as fingerprints, a photograph, home address, height, and eye colour. A second, optional chip was to be implemented for online authentication and electronic signatures, to be used for e-government services and e-commerce.
The opposing parliamentarians challenged the compatibility of the bill with the citizens’ fundamental rights including the right to privacy and the presumption of innocence. In passing the bill, the National Assembly ignored CNIL’s (French Data Protection Authority) report of October 2011 that was criticizing the creation of the centralized biometric database. It also entirely ignored the general opposition at the European level. In 2011, EDRi and 80 other civil liberties organizations asked the Council of Europe to study whether biometrics policies respect the fundamental rights of every European.
Moreover, previous experiences in France with biometric passports (highly criticised as well) have proven entirely unreliable with about 10% of the issued passports having been fraudulently obtained. The bill does not take into consideration either the position of the European Court of Human Rights which in 2008 condemned UK for breaching the right to privacy after the creation of a file including data on all people involved in a crime, irrespective of their position (victim, witness, suspect or guilty).
On 22 March, the Constitutional Council found unconstitutional four articles of this law, as well as part of other two articles. The council reminded that “the collection, registration, preservation, consultation and communication of personal data have to be justified by a general interest reason and carried put properly and proportionally”.
While the Council found no problem related to the general interest, it clearly raised the issue of proportionality. “Regarding the nature of the recorded data, the range of the treatment, the technical characteristics and conditions of the consultation, the provisions of article 5 touch the right to privacy in a way that cannot be considered as proportional to the meant purpose”.
The Council also had objections against the creation of the huge biometric database considering the fact that the National Assembly had authorized the use of the database by the police for extended purposes from the identification of an accident victim to finding the authors of law infringements or crimes.
The Council also sanctioned the confusion in the bill text between an identity document and an electronic payment means. The idea was that the ID could contain data allowing the owner to apply an electronic signature in view of electronic transactions. The Council drew the attention on the fact that the law did not specify the nature of the data and did not provide any guarantee for the integrity and confidentiality of these data and considered that the legislator has exceeded its competence in this matter. In other words, that the government did not really know what they were talking about.