FB pixel

EU data watchdog publishes guidelines on facial recognition in policing

EU data watchdog publishes guidelines on facial recognition in policing

As the debates over the AI Act heats up, the European Union’s data protection watchdog has published its final set of guidelines on the use of facial recognition technology in law enforcement.

The European Data Protection Board (EDPB) guidelines are meant to help individual EU states formulate their laws: Each country should provide a legal basis for any form of processing biometric data by law enforcement agencies using facial recognition, according to the document.

The EDPB is in charge of ensuring the European Union’s General Data Protection Regulation (GDPR) is applied in every EU country.

In the new guidelines, the agency adopts a softer approach compared to 2021 when it called for a general ban on any use of automated systems recognizing “gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioral signals” in public spaces. Despite this, the agency still considers remote biometric identification of individuals in public spaces “highly undesirable.” Another application that EDPB does not want in public spaces is the use of facial recognition to infer the emotions of an individual.

Aside from the guidelines, the EDPB provided three annexes to the document, including assessments of hypothetical scenarios in which law enforcement agencies use facial recognition.

Scraping images off the internet to create a database and using facial recognition for riot investigation, for instance, would constitute a disproportionate interference of rights, according to the agency. Automated border control and identifying abducted children, on the other hand, are compatible with EU law.

With a few exceptions, the final guidelines resemble the draft published in May 2022.

The document states that processing of personal data should be done for a specific purpose while the laws should define objectives towards a specific subject, rather than granting general authorization for using facial recognition to maintain order.

“The legal basis must be sufficiently clear in its terms to give citizens an adequate indication of conditions and circumstances in which authorities are empowered to resort to any measures of collection of data and secret surveillance,” the guidelines note.

International law firm Pearl Cohen has highlighted some of the new changes brought by the version 2.0 document:

  • In the training and development of facial recognition technologies, personal data may only be processed when there is a lawful and legitimate basis.
  • While the scope of the guidelines is limited to technologies for identification purposes, certain aspects of the guidelines may also be used for other types of processing of biometric information by law enforcement authorities.
  • Keeping documentation of the operations performed within the system and the relevant procedural steps are of key importance.
  • A human in the loop is not considered a sufficient safeguard to protect data subjects’ rights as humans are prone to biases and errors.
  • EU countries should ensure that they allocate enough resources to data protection authorities.

Article Topics

 |   |   |   |   | 

Latest Biometrics News


NIST issues guidance to fit passkeys into digital identity recommendations

The U.S. National Institute and Standards Institute has published a supplement to its digital identity guidelines as interim advice for…


US oversight body calls for more real-world biometrics testing, bias protections

A federal U.S. agency wants more testing of biometrics applications in the real world, stronger protections against bias and more…


UK researchers extract drug residue from gel-lifted fingerprint biometrics

A new breakthrough in a familiar technology could help researchers use fingerprint biometrics to solve cold cases. A press release…


Fujitsu scolded for identity error in Japan’s My Number system

Japan’s My Number personal ID system is planning to allow digital identity documents as valid proof of identity when obtaining…


ID platform delivered by WISeKey facilitates digital govt services in Seychelles

A digital identity platform dubbed SeyID has been successfully delivered for the government of Seychelles by WISeKey and is already…


Vietnam set to issue digital IDs for service access, plans to include foreigners

Vietnam is set to issue digital ID cards for people to use in interactions with public agencies, complementing the VNeID…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events