EU considers new rules on facial recognition

However, there is a discussion on whether new rules are necessary, as the legal framework might already be there under the bloc's General Data Protection Regulation (GDPR). 

The GDPR was adopted on April 2016 and took effect in May 2018.

Facial recognition data is considered "biometric data", which is a special category of personal data resulting from the technical processing of physical, physiological, or behavioural characteristics.

According to GDPR, the processing of "biometric data" to identify a person requires explicit consent from the person whose data is being collected.

That excluded data used for national security, according to Diego Naranjo, an advocate at European Digital Rights (EDRi), a Brussels-based nonprofit.

But "we have to think, as a society, if this type of technology is needed for the objective that is being used because at the end it constitutes a very serious invasion of citizen's privacy," he added.

Police and security forces have used this type of technology for a long time.

Tech companies are also increasingly using it, with Facebook automatically suggesting that you tag friends in pictures, while Apple's face-scanning software unlocks phones without pressing a button.

Not everyone is convinced new rules are needed, however.

Experts' opinion

Ursula von der Leyen, the incoming president of the European Commission, said in July that she wants "to put forward legislation for a co-ordinated European approach" on the human and ethical implications of AI.

However, EDRi said in a statement on July 22 it would take a long time "to formulate a meaningful and future-proof piece of legislation on this topic".

Doru Peter Frantescu, a member of the EU forum European AI Alliance, also said the solution was not "more and more regulation" but "investing more and more in education of the citizens".

"We are still to properly evaluate the effects of GDPR on Europe's growth, I think it is too early to come up with yet another regulatory layer," he added.

Assuming that citizens understand how AI and technology in general works and how it is implemented in our society, "then these citizens will be able to distinguish for themselves the situations when AI is an opportunity for them from those situations in which indeed AI is a threat," said Frantescu.

"If we have a high level of awareness among the public, then the citizens will become contributors to growing Europe's digitalisation. If instead, they are being driven into thinking that AI is mainly a threat, then we undermine our competitiveness and with it Europe's role on the global stage," he added. 

Commission's perspective

In June, the EU's high-level expert group on AI put forward a set of recommendations and ethical principles for the use of these technologies, including facial recognition.

According to commission spokeswomen Natasha Bertaud, "these [recommendations] are currently being tested".

The experts appointed by the commission indicated examining the need for new regulation to address the critical concerns listed in the Ethics Guidelines for Trustworthy AI. 

One of the critical concerns listed in the document is the "automatic identification [of individuals]" because "it raises strong concerns of both a legal and ethical nature".

"Individuals should not be subject to unjustified personal, physical or mental tracking or identification, profiling and nudging through AI powered methods of biometric recognition such as: emotional tracking, empathic media, DNA, iris, and behavioural identification, affect recognition, voice, and facial recognition and the recognition of micro-expressions," the expert group said.

Application of facial recognition technologies "must be clearly warranted in existing law," where the legal basis for such activity should be the consent of the data subject, it added.