In the age of artificial intelligence, identifying anyone in public space through facial recognition is becoming faster and easier. However, the technologies have flaws due to their technical limitations and biases. Despite their imperfections, governments worldwide deploy the technologies at a breakneck pace. Strong criticisms have been heard over the lack of appropriate legal frameworks to regulate technologies that can negatively impact civil liberties and personal freedoms. For a few years, concerns have grown concerning their use in China, where they are deployed to support a social credit system to rate citizens’ behaviour. Facial recognition technologies can be very pervasive surveillance tools. The proposed research will identify the threats and risks that the use of facial recognition for surveillance poses to the rights to privacy and data protection as defined at EU level. The project seeks to understand whether legitimate and proportionate uses of the technologies can be defined based on country trends (France, UK, USA, and to some extent China) (first research objective), the technical characteristics of the biometric systems (second research objective), and the legal frameworks applicable to the rights to privacy and data protection (third research objective).
Within a few years, the regulation of FRTs in public spaces has become a priority policy agenda in Europe and beyond. The country trend has revealed an evolution towards more biometric surveillance. In the USA, the situation is very disparate at State and local levels, with existing bans, rolled-back moratoria, and specific regulations on police use for investigation purposes. In the UK, police forces have resumed using the technologies without any clear legal framework. In France, the institutions have pushed relentlessly, but without success, for an ‘experimental law’ but obtained, instead, the use of algorithmic surveillance tools ahead of the Olympic Games. Finally, in China, these technologies widely deployed to enforce the lock restrictions during the Covid pandemic are subsisting without clear rules.
In that context, and to provide recommendations, DATAFACE investigated the regulatory approach to experiments with FRTs in public spaces and the impact of their deployment for surveillance and policing purposes on the EU fundamental rights to privacy and data protection. Concerning the experiments, it offered several policy options based on risk-assessment mechanisms. Concerning the deployment, it found that public security and crime prevention can constitute legitimate in the field of law enforcement. However, using these particularly intrusive technologies must be based on law, be strictly necessary (‘necessary in a democratic society’) and be proportionate. The necessity of a measure must be demonstrated using objective evidence (i.e. scientifically verifiable) and show that the measure is the least intrusive. Once the necessity is established, its proportionality can be assessed (through the existence of safeguards to limit the risks to individuals’ rights). Applying this analysis to the future AI Act, the project found that the proposed rules on police use of FRTs in public spaces fell short of the ‘necessity’ requirement while it included several safeguards.