When investigating crimes during the G20 summit in Hamburg in July 2017, the police may continue to use a database for mass balancing of biometric facial data. On Wednesday, the Administrative Court of the Hanseatic City canceled the order of the Hamburg Data Protection Supervisor to delete this so-called reference database. The judges classified this order as unlawful. (Az 17 K 203/19)
Basis for the decision of the administrative court was a complaint of the Hamburg Interior Senator. As regards the order of the Supervisor, the conditions in the court's opinion were not met. The latter would have had to take a closer look at the data processing of the police in concrete form and make their own findings regarding a violation of data protection regulations.
An appeal did not allow the court. The data protection officer could now submit an application for admission to appeal at the Hamburg Higher Administrative Court.
"Problematic and contradictory"
The Hamburg police set to clarify the serious riots at the G20 summit on facial recognition software. This procedure is controversial.
In a SPIEGEL interview, Hamburg's data protection commissioner Johannes Caspar said in January that he assumed that collecting and saving the image and video files of persons who committed crimes at the G20 summit by the police basically complied with the statutory rules. However, in his view, this does not apply to the biometric processing of this raw material through the use of facial recognition software. "Data from mostly completely uninvolved persons are biometrically processed and stored for the purpose of prosecution," said Caspar at that time.
Caspar was disappointed by the judgment of the administrative court accordingly. According to a communication from its authority, the court appears to limit the data protection officer's competence "to a review of data processing in a concrete form and to violations of individual data protection laws". In "cases where the data processing by the responsible authority without legal basis takes place and thus a legal review framework is missing", this is "problematic and contradictory".
The agency's recent communication states that the court's decision clears the way for "all future data from public space to be collected for prosecution and used to generate biometric profiles," without specific legal requirements being independent Control to secure the rights of those affected ".