We’re available from 9 am to 6 pm on weekdays. Contact Us.
EDPB & EDPS call for ban on use of AI for automated recognition of human features

The EDPB (European Data Protection Board) and EDPS (European Data Protection Supervisor) have adopted a joint opinion on the European Commission’s Proposal for a Regulation laying down harmonised rules on artificial intelligence (AI).

The EDPB and the EDPS strongly welcome the aim of addressing the use of AI systems within the European Union, including the use of AI systems by EU institutions, bodies or agencies. At the same time, the EDPB and EDPS are concerned by the exclusion of international law enforcement cooperation from the scope of the Proposal.

The EDPB and EDPS also stress the need to explicitly clarify that existing EU data protection legislation (GDPR, the EUDPR and the LED) applies to any processing of personal data falling under the scope of the draft AI Regulation.

While the EDPB and the EDPS welcome the risk-based approach underpinning the Proposal, they consider that the concept of “risk to fundamental rights” should be aligned with the EU data protection framework. The EDPB and the EDPS recommend that societal risks for groups of individuals should also be assessed and mitigated. Moreover, they agree with the Proposal that the classification of an AI system as high-risk does not necessarily mean that it is lawful per se and can be deployed by the user as such. The EDPB and the EDPS also consider that compliance with legal obligations arising from Union legislation - including on personal data protection - should be a precondition for entering the European market as CE marked product.

Taking into account the extremely high risks posed by remote biometric identification of individuals in publicly accessible spaces, the EDPB and the EDPS call for a general ban on any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, in any context. Similarly, the EDPB and EDPS recommend a ban on AI systems using biometrics to categorize individuals into clusters based on ethnicity, gender, political or sexual orientation, or other grounds on which discrimination is prohibited under Article 21 of the Charter of Fundamental Rights. Furthermore, the EDPB and the EDPS consider that the use of AI to infer emotions of a natural person is highly undesirable and should be prohibited, except for very specified cases, such as some health purposes, where the patient emotion recognition is important, and that the use of AI for any type of social scoring should be prohibited.

Andrea Jelinek, EDPB Chair, & Wojciech Wiewiórowski, EDPS, said: “Deploying remote biometric identification in publicly accessible spaces means the end of anonymity in those places. Applications such as live facial recognition interfere with fundamental rights and freedoms to such an extent that they may call into question the essence of these rights and freedoms. This calls for an immediate application of the precautionary approach. A general ban on the use of facial recognition in publicly accessible areas is the necessary starting point if we want to preserve our freedoms and create a human-centric legal framework for AI. The proposed regulation should also prohibit any type of use of AI for social scoring, as it is against the EU fundamental values and can lead to discrimination.”

The EDPB and the EDPS further welcome the fact that the Proposal designates the EDPS as the competent authority and the market surveillance authority for the supervision of the Union institutions, agencies and bodies. However, the role and tasks of the EDPS should be further clarified, specifically when it comes to its role as market surveillance authority.

The EDPB and EDPS recall that data protection authorities (DPAs) are already enforcing the GDPR and the LED on AI systems involving personal data, in order to guarantee the protection of fundamental rights and more specifically the right to data protection. As a result, the designation of DPAs as the national supervisory authorities would ensure a more harmonized regulatory approach, and contribute to the consistent interpretation of data processing provisions across the EU. Consequently, the EDPB and the EDPS consider that, to ensure a smooth application of this new regulation, DPAs should be designated as national supervisory authorities pursuant to Article 59 of the Proposal.

Finally, the EDPB and EDPS question the designation of a predominant role to the European Commission in the “European Artificial Intelligence Board” (EAIB), as this would conflict with the need for an AI European body independent from any political influence. To ensure its independency, the Proposal should give more autonomy to the EAIB and ensure it can act on its own initiative.

Press release by EDPB