EU considers some remote biometric identification in a trade-off for prohibitions

There is give and take in any biometric transaction, and the passing of the EU’s AI Act is no exception. Euractiv reports that the European Parliament is seriously considering a proposal to allow limited uses of remote biometric identification (RBI) via facial recognition in real-time, in exchange for concessions in other areas.

Previous drafts had limited the use of real-time RBI technology to select cases benefiting the public good: finding a missing person, thwarting terrorism or locating the suspect of a major crime. But there has been back and forth internally over the matter. A cross-party majority voted in the EU Parliament for a total ban. Member state governments, on the other hand, pushed for allowances for law enforcement, including predictive policing.

Modifications in the latest version get into more detail on what constitutes a major crime. RBI tracking can be used to track suspects of crimes that are punishable for a maximum period of at least five years. Joining terrorism on the list is murder, rape, kidnapping, hostage-taking, human or drug trafficking, child sexual exploitation, weapons trafficking and offenses covered under the International Criminal Court, such as genocide and crimes against humanity.

Use of remote biometrics in real time must be preceded by registration in the EU public database and a fundamental rights impact assessment. It is recommended that uses are validated by a judicial authority, but exceptions can be made in which validation may be sought after the fact within 48 hours. National authorities should oversee the use of RBIs by law enforcement.

Leeway for the law and military, but a crackdown on face scrapers

The exemptions for law enforcement and military allow users to deploy high-risk AI models without typical monitoring and reporting requirements and, in exceptional circumstances, before the completion of a conformity assessment. They give a clear runway to militaries and uses related to national security, stating outright that “this Regulation shall not apply to AI systems developed or used exclusively for military purposes.”

In return, the AI Act will beef up restrictions on face scraping platforms, specifically “AI systems that create or expand facial recognition databases through the untargeted and wide-scale scraping of facial images from the internet or CCTV footage.”

Also banned are biometric categorization tools that make inferences about private personal information such as voting or sexuality, and, in workplaces and educational environments, tech intended for emotional recognition. Allowances on predictive policing remain undecided.

Article Topics

AI Act  |  biometric identification  |  biometrics  |  facial recognition  |  legislation  |  real-time biometrics  |  regulation