On September 8, 2021, the European Parliament’s Civil Rights and Constitutional Affairs department published a briefing on the report, which addresses ethical issues related to the use of biometric and behavioral recognition technologies in public spaces. The full report was prepared at the request of two European Parliament committees and published in August 2021.
The report examines the deeply personal nature of behavioral data, such as a person’s gait, voice, or gestures, and makes recommendations for further regulation of biometric data to protect individuals from misuse of that data. The report also takes into account large-scale monitoring, algorithmic decision making and profiling.
After in-depth analysis of various types of biometric techniques, the report examined how these techniques are being used by the recent proposal for an Artificial Intelligence Act (EU Artificial Intelligence Regulation or AI Regulation) of April 21, 2021, as well as other legal instruments (such as the proposed Data Governance Act) and whether this legislation covers ethical and fundamental rights issues comprehensively.
The report supports the general approach to regulating these technologies in the AI ââRegulation, but notes that the proposal does not consistently address ethical concerns. Against this background, the report recommends that the European Parliament and EU lawmakers consider a number of changes (e.g. the inclusion of specific provisions that would ensure responsible handling of certain restricted AI practices such as biometric techniques and inferences).
The most important recommendations for the legislator include:
- Introduce a definition for âbiometric conclusionsâ and âbiometric dataâ and separate the terms âemotion recognition systemâ and âbiometric categorization systemâ from the term âbiometric dataâ within the meaning of the GDPR;
- Full or extensive surveillance of natural persons in their private or professional life, as well as violations of intellectual privacy and integrity, should be included in the list of prohibited AI practices in Article 5 (1) of the AI ââRegulation. The list of prohibited AI practices should be regularly reviewed and updated by the European Commission, possibly under the supervision of the European Parliament;
- Introduction of a new section on restricted AI applications, which deals in detail with the following topics: (i) “real-time” remote identification (and possibly other forms of real-time remote identification), including for law enforcement purposes, (ii) other biometric identification systems, Emotion recognition systems and biometric categorization systems, whereby the admissibility of such systems is restricted and the transparency obligations of the operators of biometric systems are integrated; (iii) a new provision on decisions based on biometric techniques; and (iv) potential material limits to biometric inference;
- Consider the introduction of new provisions on automated consent management in the GDPR or in the AI ââRegulation for situations in which the use of biometric techniques is based on the consent of the user. Automated consent management should enable individuals to effectively manage consent and use independent tools or service providers for consent management (e.g. data sharing service providers as defined in the Data Governance Act). Systems must be designed in such a way that the automated transmission of consent (or its revocation) to all recipients of biometric data is guaranteed and automated deletion or other actions by these recipients are possible.
The full report also includes a section with proposed wording to amend the AI ââRegulation.
The briefing can be found here and the full report can be found here.