EU Law Enforcers Using Facial Recognition Technology (FRT) & Privacy Concerns

SPEAKERS
JYOTHI V K
General Counsel & Sr. Vice President (Legal), Aditya Birla Fashion and Retail Limited, Bengaluru, India
NIKHIL NAREN
Chevening Scholar
Assistant Professor, Jindal Global Law School, Sonipat, India
Of Counsel, Scriboard, New Delhi, India

INDEX
1. Introduction and context setting
2. Working of FRT and technical challenges
3. EU Legal Framework and jurisprudence
4. Use cases of FRT by police in EU States & privacy
5. EU AI Act and FRT
6. Way forward

1. INTRODUCTION
Facial recognition technology (FRT)?
1. Combination of AI technology and biometric identifier (Face)
2. FRT helps identify individuals by mapping a picture or video to an existing database.
3. Non-intrusive extraction of data

1.2 USES OF FRT
1. Detection and prevention of crime
2. Detection of missing children
3. Monitoring of movement of people in airports and public spaces
4. Banking and retail
5. Identity verification for phone access, etc.

1.3 FRT GLOBAL MARKET
According to Grand View Research, the global facial recognition market size was valued at USD 5.15 billion in 2022 and is expected to grow at a compound annual growth rate (CAGR) of 14.9% from 2023 to 2030.

1.4 WIDESPREAD USE OF FRT BY POLICE GLOBALLY
According to Paul Bischoff on Comparitech, the research conducted by his team on the use of FRT in 100 countries shows that almost 80% of the governments apply invasive FRTs, and 70% of police forces globally have access to some form of FRT.

1.5 BAN ON FRT IN THE EU
“Reclaim your face”, a campaign led by the civil rights NGO European Digital Rights, has been demanding a ban on FRT since October 2020.

1.6 BAN ON FRT IN THE US
Facial Recognition and Biometric Technology Moratorium Act of 2023 - Introduced in the Senate on 03/07/2023 - Read
twice and referred to the Committee on the Judiciary.

2. WORKING OF FRT
THREE KEY STEPS IN AUTOMATED FACE RECOGNITION
I. Face detection and normalization
II. Extraction of features and accurate face normalization
III. Classification (verification and identification)

2.1 FRT IS EVOLVING
https:/ acc on 28-02-24

2.2 LIMITATIONS OF FRT
Poor recognition due to:
Occlusion
Heterogeneous face recognition
Ageing
Single sample face recognition
Video surveillance
Soft biometrics not reliable
Past, Present and Future of Face Recognition: A Review, by Insaf Adjabi and others, Electronics 2020, 9(8), 1188; https://doi.org/10.3390/electronics9081188

2.3 OPEN CHALLENGES OF FRT
Lack of database issue
2D Images:
Large scale database
Recognition errors due to ageing, physical appearance, cosmetics, and occlusions
3D Images:
Overcome the limitations of 2D
Significant improvement in accuracy
LACK OF 3D facial recognition database

2.4 OPEN CHALLENGES OF FRT
AI Bias issue
Facial recognition technology has a 34 per cent error rate in identifying Black women compared to 0.8 per cent for white males. 22 Aug 23
https:/

OPEN CHALLENGES OF FRT
AI Blackbox Issue
According to Associate Professor Samir Rawashdeh, just like our human intelligence, a deep learning system never keeps track of the inputs that informed its decision making a long time ago.
https://umdearborn.edu/news/ais-mysterious-black-box-problem-explained (accessed on 16-02-24)

2.6 FRT accuracy
The 2022 Biometric Technology Rally conducted by the Department of Homeland Security's Science and
Technology Directorate attributed approximately 97% of the system errors to the acquisition system camera and 3% of the system errors to the face recognition algorithm.

2.7 WHAT DOES AN IDEAL FRT LOOK LIKE?
Always faster
Close to 100% accuracy
Optimal security
Miniaturized
Portable equipment
ELUSIVE?

2.8 POSSIBLE SOLUTIONS?
Human intervention
Additional soft identifiers
Gen AI - Multi-ethnic database
Process around use and prohibition
Technical parameters of FRT and periodic testing (NIST)

3. EU LEGAL FRAMEWORK
I. EU Charter of Fundamental Rights (“the Charter”)
II. Treaty on Functioning of the European Union (“TFEU”)
III. General Data Protection Regulations (“GDPR”)
IV. EU Law Enforcement Directive (“LED”)
V. European Union AI Act, 2023 (“AI ACT”)
VI. Guidelines on the Use of FRT in the Area of Law Enforcement
VII. European Data Protection Board (EDPB) guidelines on processing of personal data through video devices and European Data Protection Supervisor (“EDPS”)

3.1 CHARTER AND TFEU
Article 8 - Right to Protection of Personal Data
a) processed fairly for specified purposes
b) basis of the consent
c) some other legitimate basis laid down by law
d) control by an independent authority
Article 42 - Right of Access to Documents
Article 16 of
TFEU - Right to Protection of Personal Data.

3.2 GDPR & FRT
I. European Data Protection Board (“EDPB”) enunciates upon the aspect of consent and knowledge of the individual.
II. Ensure human intervention and oversight of the results to avoid automation bias.
III. Deployment of FRT at every nook and corner fails to take proper consent.
IV. Non-consensual surveillance with a warning sign informing the customers of FRT by the entrance of a retail store is not GDPR compliant.
Public interest and Law Enforcement are wide enough to be misused and breach privacy of an individual.

3.3 LAW ENFORCEMENT DIRECTIVE (LED)
I. Processing of special categories of data
II. LEA Obligations
III. Competent Independent Supervisory Authority
IV. Data Protection Impact Assessment
V. Rights of Data Subjects and redressal mechanism
VI. Right to Compensation

3.4 EU Jurisprudence
S. and Marper v UK ECLI:CE:ECHR:2008
The Court held that the retention of fingerprints, DNA profiles, and cellular samples constituted a violation of the right to private life under Article 8 of the Convention due to lack of necessary legal safeguards.
Digital Ireland's Case, ECLI:EU:C:2014:238
Storage of telecommunications data by the Internet Service Providers to avoid crime is against Article 7 & 8 of the charter.
Tele2 Sverige case, ECLI:EU:C:2016:970
Indiscriminate retention and storage of telecommunications data by the Internet Service Providers to avoid crime is against the charter and such measures are justifiable only for combating serious crimes like terrorism, and must be limited and targeted, with clear rules and safeguards.
P.N. v. Germany
The Court recognised that the collection and storage of personal data such as photographs, fingerprints, and palm prints, as well as a physical description, will be a permissible interference if there is pressing social need and proportionality of the action.

3.5 UK Jurisprudence
R v. the Chief Constable of South Wales Police (AFR Locate UK Bridges case) 2020 EWCA Civ 1058
It was held that surveillance and the use of mass data collection of biometrics without consent could have a disproportionate impact on the rights to freedom of
expression and assembly due to its potential deterrent effect.
Gaughran v. The United Kingdom, 2020 ECHR 144
The court ruled that the UK's indefinite retention of DNA, fingerprints, and photographs was a disproportionate interference with right to privacy because the UK's policy lacked necessary safeguards and did not strike a fair balance between public interest and individual rights, thus violating Article 8 of the Convention.

4. EU CASE STUDIES
I. Videmo 360 Germany
The Hamburg Police deployed facial recognition software “Videmo 360” and collected facial images to conduct investigations on incidents that occurred during the G20 summit in 2018. Videmo 360 used public and private database created from private recordings, police video surveillance, and train station CCTV to identify people and stored it in a police database.
The Hamburg DPA determined that Hamburg police had failed to establish a legal basis for processing and storing biometric data and ordered the deletion of the face templates.

4.1 EU CASE STUDIES
II. Cologne - Germany
Since April 2016, the Cologne Police Headquarters has intensified its surveillance capabilities around key areas, notably the main station forecourt and the Cologne Cathedral, with the installation of 26 high-end, biometric-ready cameras capable of live facial recognition.
On 18 January 2021, the Cologne Administrative Court injuncted the Cologne Police to refrain from conducting video surveillance, considering that video surveillance unreasonably interfered with the plaintiff's fundamental
right to informational self-determination.

4.2 EU CASE STUDIES
III. CATCH - Netherlands
Clearview AI use by Dutch Police - A report by Reformatorisch Dagblad revealed Dutch police officers used Clearview AI software between 50 and 100 times from 2018 to 2020. In April 2020, Minister Ferd Grapperhaus denied the use of Clearview AI by Dutch authorities, contradicting the leaked information. Clearview AI reportedly gathered images without consent, often from private social media accounts.
CATCH System use by Dutch Police - Dutch police use CATCH for comparing images from surveillance with a criminal justice database, containing photos of convicted and suspected persons. Controversially, police also access a database containing facial photos of non-EU foreigners, including asylum seekers and students, raising discrimination concerns.

4.3 EU CASE STUDIES
IV. Mannheim Public Surveillance Project
The Mannheim Public Surveillance Project in Alter Messplatz, Germany, aims to train AI algorithms to identify public safety threats using intelligent video surveillance technology.
Initiated in 2018 as part of Baden-Württemberg's interior ministry effort, it involves AI-equipped cameras detecting behaviors like hitting and strangling.
It can confuse hugging with strangling, and it is unclear whether it can actually prevent violence.

4.4 KEY TAKEAWAYS FROM CASE-STUDIES
MORE ABOUT PROCESS AND NOT ALGOs
Purpose not justified
Collecting images from public media accounts without consent
Video surveillance unreasonable interference

4.5 INSUFFICIENCY OF LED
I. Law Enforcements fall outside the purview of GDPR.
II. Imbalance of power while taking mandatory consent makes FRT susceptible to misuse.
III. LED has a principle-based approach.
IV. Principle-based approach may lead to each member state making its own laws, leading to multiplicity of legislations.
V. Application to competent authorities without any definitive consequences and application.

5. EU AI ACT & FRT
PROHIBITED AI RELATING TO FRT: creating or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage.

5.1 EU AI ACT: REAL-TIME FRT PROHIBITED, BUT
5(1)(d) real-time remote biometric identification (RBI) in publicly accessible spaces for law enforcement is prohibited, EXCEPT when:
(1) searching for missing persons, abduction victims, and people who have been human trafficked or sexually exploited;
(2) preventing substantial and imminent threat to life, or foreseeable terrorist attack; or
(3) identifying suspects in serious crimes (e.g., murder, rape, armed robbery, narcotic and illegal weapons trafficking, organised crime, and environmental crime, etc.).

5.2 EU AI ACT - PERMITTED REAL-TIME FRT
Before deployment, police must:
(i) complete a fundamental rights
impact assessment and register the system in the EU database, though, in duly justified cases of urgency, deployment can commence without registration, provided that it is registered later without undue delay.
(ii) obtain authorisation from a judicial authority or independent administrative authority, though, in duly justified cases of urgency, deployment can commence without authorisation, provided that authorisation is requested within 24 hours.
(iii) If authorisation is rejected, deployment must cease immediately, deleting all data, results, and outputs.

5.3 EU AI ACT - PERMITTED REAL-TIME FRT
Authorization authorities to notify Market surveillance and Data Protection Authorities of Member States
Market surveillance and Data Protection Authorities of Member States to NOTIFY THE EUROPEAN COMMISSION
EC to publish the reports of use of real-time FRT
Reporting and publication obligations

5.4 EU AI ACT - PERMITTED REAL-TIME FRT
Additionally, Member States concerned shall:
lay down in their national law the necessary detailed rules for the request, issuance and exercise of, as well as supervision and reporting relating to, the authorizations referred to in paragraph 3.
introduce, in accordance with Union law, more restrictive laws on the use of remote biometric identification systems.

5.5 EU AI ACT Vs. FRT - unaddressed gaps
Limitations of FRT not considered
Time for EU Technical standards for assessment of standards of FRT on the lines of NIST?
Whether empirical evidence of proportionality and necessity mandatory for authorizing authorities?
Ban automated FRT?
Over emphasis on Real-time
Kind of database for training FRT?

6. WAY FORWARD
Multi-ethnic GEN AI database
FRT findings combined with other identifiers
MIX OF LAW AND GUIDELINES
PIA and AUDITS mandatory
Principles for deployment of real-time FRT
Ban on arrest basis FRT findings

6.1 Principles for deployment
Disciplined Deployment Guidelines
FRT Database open for scrutiny
Human Intervention shall be made necessary before relying on FRT.
Defined aspects of urgency, necessity and proportionality

FRT FOR EU LAW ENFORCEMENT AUTHORITIES?