While automated facial recognition software continues to be debated in North America, a European official says GDPR makes such software illegal.
Clearview AI is currently facing at least one lawsuit in the US. This comes in the midst of a raging debate over the privacy implications of companies slurping up people’s pictures from social media and building massive databases of people. While accuracy has been one of many questions surrounding the technology, revelations also surfaced that the Canadian RCMP had been quietly testing the software, at least until the story hit the media.
While there is mounting pressure in North America to ban the use of such software, some might wonder if such software would become an issue in Europe. As it turns out, the debate wound up being effectively over before it even started. That’s, once again, thanks to the General Data Protection Regulation (GDPR). A European official has said that GDPR makes automated facial recognition software illegal thanks, in part, to the failure to obtain proper consent. From The Next Web:
The EU’s digital and competition chief has said that automated facial recognition breaches GDPR, as the technology fails to meet the regulation’s requirement for consent.
Margrethe Vestager, the European Commission’s executive vice president for digital affairs, told reporters that “as it stands right now, GDPR would say ‘don’t use it’, because you cannot get consent,” EURACTIV revealed today.
GDPR classes information on a person’s facial features as biometric data, which is labeled as “sensitive personal data.” The use of such data is highly restricted, and typically requires consent from the subject — unless the processing meets a range of exceptional circumstances.
The article goes on to say that the law allows exceptions in exceptional circumstances. So, while it isn’t a blanket, across-the-board “it’s illegal”, software companies can’t just scrape every photo off the web and start using those photos as they please. That goes back to obtaining proper consent.
Really, this is another positive sign to come from the now two-year-old GDPR laws. Earlier this month, GDPR officials initiated a probe into Tinder after revelations suggesting that the online dating service sector has been selling personal information to a third party without obtaining proper consent. In the midst of all of this, Facebook had to halt the European launch of its own dating service after failing to properly notify authorities of how it intends to roll its features out.
Before that, the GDPR law resulted in hundreds of millions of euros in fines being handed out, a study suggested that authorities are now tracking 160,000 security incidents, and the law even allowed digital rights organizations to help citizens find out what political parties are tracking behind the scenes.
Those are just a handful of the success stories coming out of Europe thanks to the GDPR laws. One thing is for sure: when you cover stories about digital rights, a common theme is that you unearth a lot of disappointing and outrageous stories. Being impressed by something is something of a rarity. This, indeed, is one of those rare moments where you can’t help but be impressed with how much positivity is coming out of a law. Really, GDPR is becoming four magical letters when it comes to European privacy-related stories.
Drew Wilson on Twitter: @icecube85 and Facebook.