The European Data Protection Board (EDPB) adopted on 12 May 2022 Guidelines 05/2022 on the use of facial recognition technology (FRT) in the area of law enforcement. This first version of the text is open for comment until 27 June 2022. The Guidelines are based on the fact that more and more law enforcement authorities apply or intend to apply FRT (e.g. to identify or authenticate a person). The EDPB states that FRT involving processing of biometric data constitutes a serious interference with the rights of privacy and data protection.
The EDPB recalls that data protection requirements (included in the Law Enforcement Directive, 2016/680) must of course be fully respected (clear legal basis; consultation of the data protection supervisory authority; assessment of necessity and proportionality; data minimisation; etc.). It also recommends making the results of the mandatory data protection impact assessment public.
Finally, the EDPB recalls its and the EDPS’s joint call for ban of certain uses of FRT. It is the case when FRT is used to remote biometric identification of individuals in public spaces, or when it is used to infer emotions of the natural persons.
On this subject, we have already had the opportunity to identify several texts from various institutions calling for a moratorium on FRT (see here). This reluctance to use FRT is also reflected in concerns about the potential use police services of Clearview AI, a US commercial application using facial recognition. In Belgium, a report on this subject has just been published on the website of the House of Representatives (see here) after an investigation of the Supervisory Body for Police Information (see here). In France, the president of the CNIL said a few days ago that she is considering a sanction procedure against Clearview, after an initial request in December 2021 to Clearview to stop data processing (see here).
This article was co-authored by Edouard Cruysmans in his capacity of Professional Support Lawyer at Stibbe.