Wolf Theiss explains concepts of electronic signature and biometrics

By Alexandru Campean, Senior Lawyer and Monica Tinteanu, Junior Lawyer at Wolf Theiss


"Biometric data", as defined in Opinion no. 4/2007 on the concept of personal data, which was established under Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, refers to biological properties, physiological characteristics, living traits or repeatable actions that are both unique and measurable. The biometric data of an individual may be provided, inter alia, by fingerprints, retinal patterns, facial structure, voices, but also hand geometry, vein patterns or even some deeply ingrained skill or other behavioral characteristic, such as a handwritten signature, the manner of speech and even walking.

These traits can identify an individual by "who they are" and not through "what they know" (e.g.PIN codes, passwords) or "what they have" (e.g.tokens, pads). Therefore, it is considered a more accurate and secured way by which to establish whether a person attempting to access an internet account is the actual owner of the account.

The concept of biometric signature is not specifically defined by the relevant Romanian legislation. Nevertheless, we can interpret a biometric signature as a type of electronic signature, which is created by using a specialized electronic device (e.g.a signature pad or a tablet) that records the biometric data of the handwritten signature. The signing process for such electronic documents has the following characteristics:

  • a signature pad captures the biometric data of a handwritten signature;

  • the signature pad captures as raw data the position (x,y), angle (of the pen) and pressure (applied with the pen on the tablet);

  • by using a certain software, the raw data captured by the signature pad is converted into biometric data, as follows: (i) time-based data (rhythm) – speed and acceleration; (ii) pressure; (iii) graphic data; (iv) angle; and (v) angle difference.

Taking into consideration these above mentioned features, a biometric signature may be construed as an advanced version of an electronic signature, as this is regulated in Romania by Law no. 455/2001 regarding the electronic signature ("Electronic Signature Law").

The Electronic Signature Law provides the relevant terminology with respect to this type of signature, as follows:

    1. "electronic signature" means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication;

    2. "extended electronic signature" means an electronic signature which meets all of the following requirements: (i) it is uniquely linked to the signatory; (ii) it ensures the identification of the signatory; (iii) it is created by using means that the signatory can exclusively maintain under his sole control; and (iv) it is linked to the electronic data to which it relates in such a manner that any subsequent change of the data is detectable.

With respect to its effects, an electronic document bearing an extended electronic signature is considered as a private deed (in Romanian: "înscris sub semnătură privată") if its extended electronic signature fulfils the following two conditions: (i) it is based on a qualified certificate1which is not suspended or revoked at that time; and (ii) it must be generated using a secure signature creation device.

Furthermore, if the law requires the written form in order for a legal deed to be considered valid or to be admitted as proof in a court of law, then an electronic document satisfies this condition if it has incorporated within it, attached to it or logically associated with it an extended electronic signature, based on a qualified certificate and which is generated by using a secure signature creation device.

If the contractual party recognizes an electronic document which bears an electronic signature, then such electronic document shall be considered as a notarial deed (in Romanian: "act autentic"). If the contractual party does not recognize an electronically signed document or an electronic signature, the court can order the verification of such document by technical expertise.

The Electronic Signature Law sets out certain obligations for certification services providers, such as the obligation to create and maintain an electronic registry keeping a record of all issued certificates. Any providers of certification services as well as entities using and processing data related to biometric signature must comply with the obligations set out in Law no. 677/2001 on data protection.

Accordingly, the rules provided by the Electronic Signature Law may be construed to also apply to biometric signatures.

Hence, we may conclude that this type of signature can be used in order to execute and validly conclude legal deeds that will produce effects and will be accepted in Romanian courts, subject to their compliance with the mandatory requirements of the Electronic Signature Law. The multiple practical uses of the biometric signature are obvious. Whether it is used for securing banking transactions, safeguarding healthcare records, online purchases, paying taxes in a matter of seconds or simply creating new business online, the biometric signature will help control risk, reduce fraud, manage security and maintain compliance.

 

1 A qualified certificate means a certificate (i.e. a collection of data in electronic form that attests to the link between a person and the signature-verification data, confirming the identity of such person) that meets the requirements specified in article 18 of Law 455/2001 and is issued by a certification service provider which complies with the provisions of article 20 of Law 455/2001.

 


November 14, 2024 11:44
Article written by Mihaela Nyerges, Managing Partner and Paraschiv Sandu, Asso...more »
August 30, 2024 15:49
 Article by Adela Nuță, Baciu Partners Romania stands on the verge of ...more »
 
July 29, 2024 09:53
Article by Flavius Florea, Counsel, TMT, IP & Data Protection practic...more »
July 18, 2024 17:23
article by Andrada Popescu, Noerr During this heatwave, you might think that ...more »
*
Govnet Next Events