top of page
Writer's pictureEULegalWizard

Legal Implications of Facial Recognition Technologies in Europe

Europe, in its continuous journey of technological regulation, recently witnessed a groundbreaking event with the proposal of the first European legislation on artificial intelligence - the AI Act. This milestone sets the stage for the region as a dynamic hub for discussions and debates on the application and regulation of AI, with biometric technologies at the forefront of these discourses.


Biometric technologies, a term that captures an array of automated processes employed for individual identification, have seen an unprecedented rise. These processes leverage distinctive physical, physiological, or behavioural attributes of individuals, forging a new era in technology and surveillance. Among the array of biometric technologies, facial recognition technology has emerged as an essential tool in the vast landscape of artificial intelligence.


The Mechanics of Facial Recognition


Delving into the inner workings of facial recognition technology, it operates on a two-step principle. Firstly, it involves capturing an image of an individual's face, followed by the extraction of unique facial features to create a digital portrait, referred to as a biometric template. This template is then stored in a database for subsequent comparisons.

The second stage involves the technology acting as a detective, analyzing the stored biometric templates for potential matches. The technology operates on the foundation of probability - the degree of certainty that the face being analyzed corresponds to the stored template. It’s not a game of absolutes but rather a play on the probabilities.

Varied Applications of Artificial Intelligence

The applications of facial recognition technology are diverse and multifaceted, primarily falling into two broad categories:

Authentication of an individual: This aspect of facial recognition technology provides a one-to-one verification of an individual's identity. The real-time image of an individual is compared to a previously stored template to ascertain a match. Think of it as a password, but instead of alphanumeric characters, it's the individual's face. A commonplace example is the facial recognition functionality on smartphones that permits users to unlock their devices.

Identification of an individual: Here, the technology serves a broader purpose, facilitating a one-to-many verification. This implies that the technology sifts through several templates to identify a specific individual within a group or geographic location.


Potential Risks Associated with Artificial Intelligence


To address the varying potential risks, the AI Act proposes a tiered system, with regulations tailored to different levels of risk:


Unacceptable Risk: The highest category of risk, where certain AI applications, such as real-time and remote biometric identification systems, including facial recognition, are strictly prohibited due to their potentially grave implications on individual rights and freedoms.

High-Risk: This category encapsulates AI systems posing a significant threat to health, safety, or fundamental rights. While not entirely banned, stringent requirements are imposed on these systems for their deployment.


Privacy and Security Concerns in AI


Facial recognition technology's deployment necessitates the processing of personal data, making privacy and security paramount concerns. As this technology delves into the realm of biometric data, it grapples with the task of unique identification.


The EU’s General Data Protection Regulation (GDPR) categorizes "biometric data for the purpose of uniquely identifying a natural person" under "special categories of data," mandating enhanced protection due to the sensitive nature of such data. Therefore, adopting facial recognition technology is not merely a technical decision but a choice intertwined with data protection considerations.


Compliance with the GDPR and LED


Ensuring the lawfulness of facial recognition systems requires aligning their use with the regulations stipulated by the GDPR and the Law Enforcement Directive (LED). The cornerstones of lawful processing under these directives are necessity, proportionality, and the presence of a legally justified basis.


For private companies, obtaining user consent might seem the most straightforward path for lawful processing. However, the situation becomes more nuanced when facial recognition is used by public authorities, as their processing justification rests on the "prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.” But lawful processing does not imply an unchecked carte blanche. Authorities must inform the data subjects, as non-compliance would risk violating data protection regulations and potentially creating a sense of omnipresent surveillance, thereby infringing upon other fundamental rights, such as the right to freedom of expression and association.


The Right to Human Oversight


Legal provisions such as Article 22 of the GDPR and Article 11 of the LED establish the right for individuals not to be subject to decisions based solely on automated processing, including profiling. No significant decisions that legally affect an individual or have a substantial personal impact should be made purely by an algorithm without human intervention.

In the context of facial recognition, this human oversight becomes particularly vital. Given the sensitive nature of the data being processed and the potential for profiling, human intervention may safeguard against discrimination or unjust outcomes. It also offers a mechanism for individuals to understand and challenge decisions made by automated processes.

More details about the AI Act you can find here. DISCLAIMER: The information provided is not legal, tax, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be AI-generated. The information provided is for general educational purposes only and is not investment advice. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information. A professional should review any action based on the information discussed. The author is not liable for any loss from acting on the information discussed.

コメント


bottom of page