Last April, the European Data Protection Supervisor (EDPS ) expressed his reservation on facial recognition, in relation to the regulation on artificial intelligence proposed by the European Commission. On 21 June, the European Data Protection Board (EDPB) announced the adoption of a joint opinion on this legislation. The EDPB and the EDPS thus call for a ban on the use of AI for automated recognition of human characteristics in publicly accessible spaces.
EDPB agrees with EDPS on facial recognition in public places
In a joint announcement, the EDPB and the EDPS expressed their views on the European Commission’s proposal for a regulation on artificial intelligence. The EDPS had already expressed his reluctance on AI and facial recognition and called for a careful analysis of this legislation, the EDPB agrees and allows both institutions to clarify their views.
Andrea Jelinek, President of the EDPB, and Wojciech Wiewiórowski of the EDPS, said:
“The deployment of remote biometric identification in publicly accessible spaces means the end of anonymity in these places. Applications such as live facial recognition interfere with fundamental rights and freedoms to such an extent that they may call into question the essence of these rights and freedoms. This calls for an immediate application of the precautionary approach.
A general ban on the use of facial recognition in publicly accessible areas is the necessary starting point if we are to preserve our freedoms and create a human-centred legal framework for AI. The proposed regulation should also ban any kind of use of AI for social rating, as it is contrary to the EU’s core values and can lead to discrimination.”
The EDPB and the EDPS are targeting face, gait and posture recognition, fingerprint, DNA, voice, and any other biometric or behavioral signals regardless of the context and want them banned in public spaces.
Further clarifications on AI regulation by the EDPB and the EDPS
The two organizations highlighted several points around the European Commission’s proposed regulation on artificial intelligence:
- The need, in their view, to explicitly state that existing EU data protection legislation (GDPR, EUDPR, LED) applies to any processing of personal data falling within the scope of the AI regulation.
- They welcome the risk level approach of the regulation and recommend that the concept of “risk to fundamental rights” should be aligned with the EU data protections framework. High risk’ systems as defined in the regulation do not provide for a prohibition of its deployment by the user under certain conditions. Both institutions agree with this principle.
- Compliance with legal obligations should be a precondition, according to the EDPB and the EDPS, for entering the European market as a CE marked product.
- They point out that data protection authorities already apply the GDPR and the LED on AI systems involving personal data. They consider that in order to ensure a seamless application of this new AI regulation, DPAs should be designated as national supervisory authorities.
- Finally, they question the designation of a predominant role for the European Commission around the European Artificial Intelligence Board (EAIB). For them, this would run counter to the need for a European AI body independent of political influence. They want the EAIB to have more autonomy so that it can act on its own initiative.