Last April, the European Data Protection Supervisor (EDPS) expressed his reservation on facial recognition, in connection with the regulations on artificial intelligence proposed by the European Commission. On June 21, the European Data Protection Board (EDPB) announced the adoption of a joint opinion on this legislation. The EDPB and the EDPS therefore call for a ban on the use of AI for the automated recognition of human characteristics in spaces accessible to the public.
EDPB agrees with EDPS opinion on facial recognition in public places
In a joint announcement, the EDPB and the EDPS expressed their opinion on the European Commission’s proposal for a regulation on artificial intelligence. The EDPS had already expressed his reluctance around AI and facial recognition and called for a meticulous analysis of this legislation, the EDPB agrees with this opinion and allows the two institutions to clarify their points of view.
Andrea Jelinek, EDPB President, and Wojciech Wiewiórowski, EDPS, said:
“The deployment of remote biometric identification in spaces accessible to the public means the end of anonymity in these places. Applications such as live facial recognition interfere with fundamental rights and freedoms to such an extent that they can challenge the essence of those rights and freedoms. This calls for immediate application of the precautionary approach.
A blanket ban on the use of facial recognition in publicly accessible areas is the necessary starting point if we are to preserve our freedoms and create a human-centered legal framework for AI. The proposed regulation should also ban any kind of use of AI for social scoring, as it is contrary to the fundamental values of the EU and can lead to discrimination. ”
The EDPB and the EDPS target face recognition systems, gait and posture, fingerprints, DNA, voice, and any other biometric or behavioral signal whatever the context and wish their ban in public spaces.
Further details on the AI regulations provided by the EDPB and the EDPS
The two organizations underlined several points around the regulation on artificial intelligence proposed by the European Commission:
- The need, according to them, to make it explicit that existing European data protection legislation (RGPD, EUDPR, LED) applies to any processing of personal data falling within the scope of the AI regulations. .
- They welcome the risk-based approach to regulation and recommend that the concept of “fundamental rights risk” should be aligned with the EU data protection framework. “High risk” systems as defined in the regulations do not provide for the prohibition of its deployment by the user under certain conditions. Both institutions agree with this principle.
- Compliance with legal obligations must be a precondition, according to the EDPB and the EDPS, to enter the European market as a CE marked product.
- They point out that data protection authorities already apply GDPR and LED on AI systems involving personal data. They consider that to ensure a flawless application of this new AI regulation, the DPAs should be designated as national supervisory authorities.
- Finally, they question the designation of a predominant role for the European Commission around the European Artificial Intelligence Board (EAIB). For them, this would run counter to the need for a European AI body independent of political influence. They want the EAIB to have more autonomy so that it can act on its own initiative.