Vestager: Facial recognition tech breaches EU data protection rules

The EU’s flagship data protection regime renders automatic identification through facial recognition technology illegal, Commission Vice-President for Digital Margrethe Vestager has said.

Speaking to a group of reporters last Thursday (13 February), Vestager said that “as it stands right now, GDPR would say ‘don’t use it’, because you cannot get consent.”

Article 6 of the EU’s General Data Protection Regulation outlines the conditions under which personal data can be legally processed, one such requirement being that the data subject has given their explicit consent.

Vestager added, however, that there are exemptions to the rule with regards to public security issues, in which cases facial recognition technologies should be allowed to automatically identify persons legally.

More broadly, the EU’s digital tsar told reporters that the Commission will take some time before deciding on how to legislate facial recognition remotely, but will not prevent national initiatives from using the technology according to existing rules.

Facial recognition is already present in our smartphones and passport controls at airports. But its use remotely, including by public authorities, is increasingly becoming a controversial issue in the rollout of artificial intelligence, as it happened during the protests in Hong Kong. 

The Commission initially considered a ban of up to five years in its white paper on AI, due to be released on 19 February, as EURACTIV.com has already reported. However, a recent draft of the document dropped the temporary ban of remote facial recognition.

LEAK: Commission considers facial recognition ban in AI 'white paper'

The European Commission is considering measures to impose a temporary ban on facial recognition technologies used by both public and private actors, according to a draft white paper on Artificial Intelligence obtained by EURACTIV.

If implemented, the …

Vestager added that the Commission will not take any measure at this stage and will reflect on how to regulate the facial recognition at EU level.

“So what we will say in the paper in a very lawyered up language is, let’s pause and figure out if there are any [situations], and if any, under what circumstances facial recognition remotely should be authorised”.

Commission officials added that this “pause” would not prevent national governments from using it according to the existing rules. 

Vestager said that the technology breaches the need to give consent, as stipulated in the EU’s data privacy rules (GDPR). The French data regulator, the CNIL, also made the same warning.

GDPR framework includes some exceptions for public security matters, Vestager recalled.

But the EU executive wants to explore with member states, businesses and other organisations whether new exceptions should be added.

“Let’s consider what will be our approach to this, because it does affect you”, Vestager stressed.

The white paper on AI will be the starting point of a 12-week consultation. The results will feed into the Commission’s thinking before it puts forward a legislative proposal expected late this year.

The white paper on AI will be part of a package that the Commission will release on 19 February to stimulate its digital market.

The institution will also put forward a communication on the digital age and a “European strategy for data”.

LEAK: Commission outlines plan to create single EU data space by 2030

The EU wants to create by the end of the decade a genuine single market for data that corresponds to its economic power, prioritising nine “strategic sectors” including health, climate, agriculture and energy, and dedicating up to €6 billion to investment in data centres, according to the Commission’s data strategy seen by EURACTIV.com.

Given that some types of artificial intelligence can have “very adverse effects on fundamental values, and human integrity”, Vestager said, the Commission intends to adopt a risk-based approach to introduce new rules in some areas. 

“We think that there will be a call for regulation on the risky parts of technology.”

The scope will cover those sensitive sectors, including health, energy, transport, public sector, and within each sector, it will address risky applications where human oversight may be needed.

Although the Danish Commissioner expected the need for new rules down the road, she added, wary of the possible impact on smaller companies, that the EU executive’s response will not be “too heavy-handed”.

Although Europe only dedicates a fraction of the resources invested by the US and China on AI, Vestager was confident that the white paper and the new rules that would come later would pave the way for more deployment of this technology.

“China has the data, the US has the money, and we have the purpose”, she stated, referring to the EU’s goal of achieving “excellence” in the use of AI. 

She argued that Europe should not give up its “willingness to protect the fundamental values”.

“The reason why I think it is the best thing to do is because this European approach has taken us so far, and it has made us one of the most attractive places to live on the planet ever,” she said.

“We should let the Chinese be Chinese, we are definitely not good at it. So it is much better for us to stand by what we believe in”.

LEAK: Digital services face EU competition crackdown

The European Commission is mulling over measures to bolster competition rules for digital services in order to rein in the dominance of global tech giants and foster “technologies that work for people”, a draft communication obtained by EURACTIV reveals.

[Edited by Zoran Radosavljevic and Samuel Stolton]

Read more with Euractiv

Facebook's Zuckerberg backs regulation of harmful online content

Facebook's Mark Zuckerberg on Saturday (15 February) said harmful online content should be regulated, adding that his company should be subject to a regulatory framework that is different from those used for existing media and telecoms companies.