New technologies offer many possibilities, but they can also be misused. Face recognition in particular is the subject of controversy – is it a curse or a blessing? Does it increase security or does it speed up the surveillance state?
Face recognition: weighing up security and privacy plays a central role
© Shutterstock / Artem Oleshko
With face recognition, biometric data is captured by measuring distances in the face. This allows people to be recognized by video surveillance.
This technology is already used in many parts of the world or is at least under discussion. China in particular is considered a pioneer, while in countries like Belgium and Luxembourg the issue is viewed critically; Face recognition is also controversial in Germany. As interesting as it can be in terms of security and the fight against crime, the challenges are also great – the balance between security and privacy plays a central role.
The limits of the evaluation
Technology advocates often argue more confidently. They hope for more effective investigation methods based on biometric data. According to Article 9 GDPR, however, this is one of the data that is particularly worthy of protection. This means that interested companies and authorities have to implement additional protective measures. In principle, the data mentioned in Article 9 may not be processed. The consent of the data subject or the exercise of certain obligations under labor law are some of the few exceptions that allow the processing of this data.
If the technology is also combined with artificial intelligence, the processing of the biometric data is even more problematic: Not only ethical questions are raised, such as how artificial intelligence can “recognize” a criminal using facial recognition. There are also additional data protection requirements: Everyone has the right to have a decision about themselves reviewed by a real person, especially if this decision has legal implications. According to Article 22 GDPR, decisions based on purely automated processes do not have to be accepted.
The limits of the GDPR
The GDPR regulates essential aspects of face recognition. In addition, it can also be used outside the European Union (EU) if it concerns data of EU citizens. In practice, the GDPR is shown its limits, because at the international level and especially on the Internet, no sharp legal limits can be drawn.
An example from the
New York Times
: It was reported here that the start-up Clearview AI used around three billion images – mostly from social networks – to develop its facial recognition technology. The start-up developed an app that can identify people in real time.
Theoretically, the market location principle of the GDPR applies in this case. According to this, the GDPR can also be applied to companies outside the EU, provided they are active here. In the case of Clearview AI, however, that is not that easy to say. “Since the service is not aimed directly at data subjects in the Union, but rather at institutional users such as security authorities, the market location principle is not directly applicable,” the data protection supervisory authority told the online magazine
That is how the EU and the United Nations see it
Face recognition is causing controversy in the EU. This applies not only to their commitment, but also to the fundamental question of whether politicians and legislators are allowed to interfere in the development of intelligent programs at all. Non-official sources repeatedly reported plans by the EU Commission to ban the technology in public spaces for three to five years. There is also
calling for a ban on automated face recognition in the EU. First, the effects and possible risks should be examined more closely.
The United Nations also point out the risks: They express concern that human rights may be violated. In theory, the technology could even be used in peaceful demonstrations. The UN advocates a ban, at least with regard to rallies, until the key data on facial recognition have been clearly clarified.
There is a debate in Germany that was triggered, among other things, by a draft law by Federal Interior Minister Horst Seehofer. This draft proposed expanding video surveillance with facial recognition at train stations and airports. However, the SPD, like Ulrich Kelber, Federal Commissioner for Data Protection and Freedom of Information, spoke out against it. In his 2019 report, Kelber even recommended doing without them entirely. As a reason, he cited not only the lack of a legal basis, but also the ethical aspect and the high error rate.
While Belgium and Luxembourg are usually mentioned first when it comes to opponents of facial recognition, France and Hungary are more open in this regard. Databases with biometric data are allowed in Hungary. The police may also use body cameras with facial recognition, for example.
There is no discussion of face recognition in China – here it is used in almost every corner. China will have around 45 percent of the market share in video recognition with face recognition by 2023.
In the USA, on the other hand, San Francisco surprises as the only city to ban the technology. Otherwise it is common for not only security authorities but also companies to make regulations on how to handle the data. Amazon has banned the law enforcement authorities for a year from using the specially developed facial recognition software. Microsoft goes even further and will not pass on appropriate technologies until there is sufficient regulation.
Above all, the different regulations of the countries present a challenge. Even the GDPR cannot completely limit the records. Regional laws, for example, do not help much if, for example, body cameras with face recognition are allowed to be used in other countries. If it is mixed with other technologies such as augmented reality glasses, the GDPR cannot guarantee full protection in other countries. If an EU citizen is on vacation in the USA, where the use is legal, it can be recorded and saved by the facial recognition software.
Another point: New technologies often develop so quickly that politics and legislative processes are overwhelmed. There is therefore a desire to adapt the legislative guidelines in line with the digital age.
The topic of face recognition, which is relevant for society and politics, requires common goals and guidelines – but that is difficult without clear steps by the countries. Although they argue in most cases with the fight against terrorism and national security, the methods and strategies differ widely.
There is also a balance to be struck between security and the right to privacy of every individual. Not only the technology itself and its implementation, but also the political approach, taking social and ethical factors into account, must be regulated.
Face recognition: This is how the technology works under the hood
Set up face recognition on Android smartphones
Facial recognition like Face ID – can it provide comfort, security, privacy?