|On 21 June, two of the most important European privacy watchdogs—the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB)—announced a formal call for a general ban on the use of AI for automated recognition of human features in public spaces.
Their strong stance marks a shift in the debate around the regulation of facial recognition in Europe, and indicates growing momentum for more widespread prohibitions on its use.
Until now, the EU has adopted a risk-based approach to regulating AI-based technologies. Its Proposed Regulation on Artificial Intelligence classifies remote biometric systems as ‘high risk’ applications that warrant additional safeguards and prohibits the use of real-time remote biometric identification systems by law enforcement in public places, subject to public safety exemptions. Despite offering stronger protections for human rights, the proposal has been criticised by civil society groups, who fear the exemptions risk creating legal loopholes that pave the way for indiscriminate surveillance practices.
Outside Europe, regulatory efforts vary greatly among states. The Chinese government’s use of facial recognition to monitor its citizens and racially profile the country’s Uyghur Muslim minority group have been widely reported. Proposed Chinese regulation in this area—notably the draft standard on Security Requirements of Facial Recognition Data—is non-binding. In the US, by contrast, there are already local prohibitions on facial recognition in some cities and states, with pressure mounting for further legislative action at the federal level.
Resistance to facial recognition has also come from other stakeholders, including technology companies IBM, Amazon and Microsoft, who halted sales of their facial recognition products to law enforcement agencies in 2020 (for our reflections on this move, see here). UN bodies including the Office of the High Commissioner for Human Rights (OHCHR) and the Special Rapporteur on Freedom of Opinion and Expression have also opposed the use of facial recognition technologies in certain contexts, issuing calls for moratoriums until the protection of human rights is assured.
These developments reinforce the need for Europe to adopt a rights-respecting approach to the use of facial recognition technology. While GPD welcomes the draft EU Regulation and the stronger human rights protections it affords, we also reinforce the critical need for regulatory efforts to be informed by states’ obligations to respect, protect and fulfil all human rights under international human rights law, as well as corporate human rights responsibilities under the UN Guiding Principles on Business and Human Rights. This must also be accompanied by meaningful multistakeholder consultation involving all relevant actors.