Artificial Intelligence Update
4 min to read

Artificial Intelligence Update

Date
12 July 2021

Data protection watchdogs call for a ban on automated facial recognition in AI Act.

The European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) recently released a Joint Opinion on the European Commission proposal for a Regulation laying down harmonised rules on artificial intelligence (“AI Act”).

While the Opinion is not binding on the Commission, the EDPS and EDPB are directly responsible for the enforcement of EU and national Data Protection rules. So, their views are likely to be influential with the European institutions.

If the Opinion generally welcomes the Commission’s efforts to regulate AI and the risk-based approach chosen, it also identifies several aspects of the proposed AI Act that should be adapted and fine-tuned, especially when it comes to its interactions with the EU data protection framework.

Firstly, the Opinion calls for a general ban on “any use of AI for automated recognition of human features in publicly accessible places in any context”. According to the European Data Protection Supervisor, Wojciech Wiewiórowski, such a ban would constitute “the necessary starting point if we want to preserve our freedoms and create a human-centric legal framework for AI”. To recall, the AI Act does not contain an outright ban in this respect, instead introducing a list of exceptional cases in which “real-time” remote biometric identification in public spaces is allowed on law enforcement grounds.

The EDPS and EDPB consider the Commission’s approach as going against the proportionality principle. It would require a considerable amount of data to be processed to identify only a few individuals. Moreover, such a process would have irreversible effects on citizens’ freedom of movement, expression, assembly and association.

In the view of EDPS and EDPB, a ban is also necessary for “AI systems categorising individuals from biometrics into clusters according to ethnicity, gender, political or sexual orientation or other grounds for discrimination” that are prohibited under the EU Charter of Human Rights. According to the EU data protection watchdogs, the so-called “biometric categorisation” foreseen in the AI Act risks affecting human dignity, as individuals’ future behaviour will not be assessed according to their own freewill but merely classified by a computer.

In terms of governance, the Opinion stresses the need to clearly set forth the independent nature of the authorities tasked with supervising and enforcing the AI Act. In this regard, the EDPS and EDPB call for more autonomy to be given to the European Artificial Intelligence Board (EAIB). According to the current draft of the Commission AI proposal, a prominent role in the EAIB will be played by the Commission itself. The EDPS and EDPB take the view that this may undermine the new board’s independence, especially with respect to external political influences. Instead, the Board should be allowed to act on its own initiative.

To ensure more harmonisation within the EU legislative framework and better coordination between the AI Act and the EU data protection rulebook, the Opinion suggests designating the national Data Protection Authorities (DPAs) as the responsible bodies under Article 59 of the AI Proposal. National DPAs are already responsible for enforcing the EU data protection provisions on AI systems based on the processing of personal data. The Opinion suggests that this governance regime would benefit all the actors involved in the AI value chain, as they will have a single point of contact for all data processing operations and disputes.

Lastly, the Opinion addresses the certification of AI systems, which is deemed to lack a clear relationship with EU data protection rules. It states that the current system outlined in the draft AI Proposal should be better aligned with data protection certifications, seals and marks set forth under the General Data Protection Regulation. Failure to do so may create a risk of placing products on the EU market which are validly certified under the AI Act yet are not compliant with the rules and principles of data protection. In particular, the Opinion suggests that the principles of data minimisation and data protection by design should be taken into account while issuing certification under the AI Act.

The EDPB and EDPS Opinion highlights once again the complex issues raised by the Commission’s AI Proposal and the potential for tensions with existing EU law, confirming that the proposal will still be subject to significant negotiations before being passed into law.

Share
Written by
CH
Chiara Horgan
Belgium
View profile
Related articles
EU-US Trade & Technology Council
4 min to read
13 July 2021
EU-US Trade & Technology Council
EU and U.S. leaders join forces to tackle global trade and technology challenges. During the US-EU Summit, which took place in Brussels on 15 June 2021, European Commission President Ursula Von der...
Non-fungible Tokens: what’s all the fuss?
Non-fungible Tokens: what’s all the fuss?
Non-fungible tokens (NFTs) have been around for many years but have recently gained huge traction, taking a variety of different forms such as digital kittens (CryptoKitties), sports...
VIDEO - The High Risk of Regulating Artificial Intelligence: What does your company need to prepare for?
VIDEO – The High Risk of Regulating Artificial Intelligence: What does your company need to prepare for?
The European Commission recently unveiled an Artificial Intelligence (AI) proposal with the aim of setting a 'global gold standard' for rules in this cutting-edge sector. Bird & Bird’s International...
Non-fungible tokens (NFTs) and copyright law
Non-fungible tokens (NFTs) and copyright law
A topic at the edge of intellectual property (IP) law is the ambiguous relationship between non-fungible tokens (NFTs) and copyright law. NFTs have been put under the spotlight this year, as several sales...
Cookies
We use analytics cookies to help us understand if our website is working well and to learn what content is most useful to visitors. We also use some cookies which are essential to make our website work. You can accept or reject our analytic cookies (including the collection of associated data) and change your mind at any time. Find out more in our Cookie Notice.