The future of the seamless traveller journey is now

In the wake of the Covid-19 pandemic, enabling a seamless, contactless, traveller journey is becoming more a matter of necessity rather than an option. We provide an account of the regulatory challenges and opportunities for biometric technologies companies facilitating a seamless traveller experience.

Before the Covid-19 pandemic, the concept of the seamless traveller journey had been making good progress. It would improve travellers’ experience by enabling a seamless but secure end-to-end journey which at the same time reduces inefficiencies in the supply chain of travel and tourism services. Travellers would be required to confirm their identity and booking data once only, instead of producing documents at multiple stages of their journey i.e. when booking flights, hotels, checking-in, passing security and crossing borders, boarding the plane etc.

Travelling, by its very nature, involves contact for the purpose of processing, from making bookings, to check-in, security, customs, and immigration. A survey by TPG in February 2020 found that more than 55% of travellers found the process of air travel - from booking, getting to the airport, and boarding - more stressful than work. The Covid-19 crisis has definitely not made these processes any more pleasant. But the pandemic has shown that enabling a seamless traveller journey is now a matter of necessity rather than just ensuring a hassle-free journey for travellers.

Covid-19 has forced the travel sector to use technologies including biometrics, AI and digital identity management to ensure a ‘contactless’ provision of services, such as self-check in, drop-off, automated identity verification etc. to reduce the risk of spreading pathogens. Biometric systems, alongside offsite processing, identity management and contactless technologies have come to the fore as a key technology for early detection, patient screening and public safety monitoring, to contain the spread of Covid-19.

Several airports around the world are already rolling out pilot projects. For example, the Face Boarding project, which is being trialled with Alitalia on the Milan Linate-Rome Fiumicino route, enables travellers to go through security and boarding using facial recognition, without needing to show an identity document. Similarly, Avinor has rolled out an end-to-end touchless travel programme using Global Distribution System Amadeus’ technologies at several airports in Norway to boost and restore traveller confidence. Passengers can check-in, drop their luggage, pass through security, and board the plane without any interpersonal contact or touching machines.

Although many other such programmes are expected to follow suit in Europe, when it comes to the use of biometric data, EU regulators, as always, are over-cautious. Below we analyse the EU regulatory landscape on biometric technologies that technology solutions companies might consider.

Regulatory challenges and opportunities

As of May 2020, at least 15 European countries had been experimenting with biometric technologies such as facial recognition in public spaces. When it comes to the use of biometric data, the core legislative act is the contentious General Data Protection Regulation (GDPR), which sets out the principles for data protection. Under Article 9, the rules and criteria that must be applied to process biometric data such as faces or fingerprints are much stricter because such data is considered sensitive. Although not technically forbidden to process biometric data under GDPR, Member States maintain the right to adopt, modify or introduce more specific national rules and ensure their enforcement. In other words, by making an artificial distinction between different categories of biometric data, GDPR does not provide clear rules but provides principles for a subjective and use-based approach for Member States.

This can be regarded as yet another stance where technologies move ahead of the regulations and where policymakers are still in the process of defining the rules. As the GDPR framework has not provided sufficient clarity for data protection when it comes to biometric technologies, the Commission has opened a debate on how to deal with these technologies within the White Paper on Artificial Intelligence.

Earlier this year the EU’s executive arm considered introducing a five-year ban on the use of facial recognition technologies in public spaces until it assessed how to prevent the abuse of these technologies. Not long after, the Commission changed its mind and announced its ambitions to introduce a legislative instrument to regulate AI. However, as argued elsewhere, the risks might be great for the AI industry if the Commission regulates too soon and gets it wrong. Member States might agree as, recently, thirteen countries co-signed Denmark’s initiative that warned against over-regulating artificial intelligence technology; as overburdening tough laws could hamper the development of the European AI industry.

The initiative for regulating AI has been dropped from the Commission’s work programme for 2021. This might provide the industry with some breathing space to grow within Europe, while buying time to engage further and shape the decision-making processes of the EU institutions, which are deliberating on how to regulate AI and implicitly, biometric technologies.

The Commission considers, however, that the biometric technologies are so-called ‘high-risk applications’ and a series of stricter rules and standards should apply. Requirements could include imposing the burden of proof on companies to demonstrate they comply with EU safety standards; obligations to use data sets that are sufficiently representative; and providing records on the programming and training methodologies, processes and techniques used to build, test and validate the AI systems. The co-legislators seem to be no less cautious on that front. In the European Parliament Digital Services Act Report, Members warn that biometrics are posing “serious risks and interferences with the rights to privacy and data protection” and demand that the European Commission give consumers the right to opt-out and be provided with alternatives to using biometric data.

Following significant political pressure, the EU’s executive arm acknowledged that a proper debate on how to deal with these technologies is needed, particularly as few stakeholders are convinced that the EU has found “the silver bullet” that allows it to distinguish between ‘high-risk’ and ‘low-risk’ AI applications. Although there is some way to go before there is a coherent approach to ensure biometric data privacy and data sharing to enable a seamless traveller journey, the debate at EU level on regulating artificial intelligence is something that the travel technology industry might not want to miss.