At the end of January, the Council of Europe announced its recommendations on facial recognition, a central issue. Faced with the increasing use of facial recognition technologies, the European body recommended strict rules to avoid significant risks to privacy and data protection. In addition, it was proposed that certain applications should be banned altogether to avoid discrimination, such as for work, insurance, etc.

The Council, a human rights organisation with 47 member states, proposes in a new set of guidelines for governments, legislators and businesses to prohibit the use of facial recognition for the sole purpose of determining a person’s skin colour, religious or other beliefs, gender, racial or ethnic origin, age, health or social status.

This prohibition should also apply to “affect recognition” technologies, which allow the identification of emotions and which can be used to detect personality traits, inner feelings, mental health or employee engagement, as they represent significant risks in areas such as employment, or access to insurance or education.

“At its best, facial recognition can be practical and help us overcome the obstacles in our daily lives. At worst, it threatens our basic human rights, including privacy, equal treatment and non-discrimination, by enabling public authorities and others to monitor and control important aspects of our lives – often without our knowledge or consent,” said Marija Pejčinović Burić, the Secretary General of the Council of Europe.

“But it can be stopped. These guidelines guarantee the protection of personal dignity, human rights and fundamental freedoms, including the security of personal data”.

The guidelines stress the need for a democratic debate on the use of facial recognition on the fly in public places and schools given the intrusive nature of this technology and possibly the need for a moratorium pending further analysis.

The clandestine use of facial recognition on the fly by law enforcement agencies would be acceptable only if it is strictly necessary and proportionate to prevent imminent and substantial threats to public safety that are documented in advance.

Private companies should not be allowed to use facial recognition in uncontrolled environments such as shopping malls, for marketing or private security purposes.

The guidelines were drawn up by the Advisory Committee of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, which brings together experts representing the 55 States Parties to the Convention and 20 observer States.

The Convention, the first binding international treaty on the protection of personal data, was opened for signature forty years ago today, on 28 January 1981 in Strasbourg.

Translated from Le Conseil de l’Europe préconise une réglementation stricte pour la reconnaissance faciale