European data privacy watchdogs European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have called for a ban on use of facial recognition in public spaces. Both organisations have adopted a joint opinion on the European Commission’s Proposal for a regulation laying down harmonized rules on artificial intelligence (AI).
The European Commission’s proposal aims to restrict use of live facial recognition in public places by law enforcement, but does not outright ban it. However, EDPB and EDPS are calling for a blanket ban on “use of AI for automated recognition of human features in publicly accessible spaces, and some other uses of AI that can lead to unfair discrimination.”
“Extremely High Risks“
Speaking about the European Commission’s proposal, the EDPB and EDPS say they welcome the risk-based approach underpinning the proposal. They consider that the concept of “risk to fundamental rights” should be aligned with the EU data protection framework, and that societal risks for groups of individuals should also be assessed and mitigated. However:
Taking into account the extremely high risks posed by remote biometric identification of individuals in publicly accessible spaces, the EDPB and the EDPS call for a general ban on any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, in any context.”
Both organisations further recommend a ban on AI systems using biometrics to categorize individuals into clusters based on ethnicity, gender, political orientation, etc. They also consider that the use of AI to infer emotions of a natural person is highly undesirable and should be prohibited. However, it may be allowed for health purposes where recognizing emotions assumes importance.
Proposed Regulatory Authority
The European Commission’s proposal designates the EDPS as the competent authority. It also designates it as the market surveillance authority for the supervision of the Union institutions, agencies, and bodies. However, both organisations call for further clarity on the role of EDPS. They also suggest that since data protection authorities are already enforcing GDPR and the Law Enforcement Directive (LED) on AI systems involving personal data, designation of DPAs as the national supervisory authorities would ensure a harmonized approach.
You can read the full press release here.