The Council of Europe has called for strict rules to avoid the significant risks to privacy and data protection posed by the increasing use of facial recognition technologies. Furthermore, certain applications of facial recognition should be banned altogether to avoid discrimination.
In a new set of guidelines addressed to governments, legislators and businesses, the 47-state human rights organisation proposes that the use of facial recognition for the sole purpose of determining a person’s skin colour, religious or other belief, sex, racial or ethnic origin, age, health or social status should be prohibited.
This ban should also be applied to “affect recognition” technologies – which can identify emotions and be used to detect personality traits, inner feelings, mental health condition or workers´ level of engagement – since they pose important risks in fields such as employment, access to insurance and education.
“At is best, facial recognition can be convenient, helping us to navigate obstacles in our everyday lives. At its worst, it threatens our essential human rights, including privacy, equal treatment and non-discrimination, empowering state authorities and others to monitor and control important aspects of our lives – often without our knowledge or consent,” said Council of Europe Secretary General Marija Pejčinović Burić.
“But this can be stopped. These guidelines ensure the protection of people’s personal dignity, human rights and fundamental freedoms, including the security of their personal data.”
The guidelines state that a democratic debate is needed on the use of live facial recognition in public places and schools, in light of their intrusiveness, and possibly also on the need for a moratorium pending further analysis.
The use of covert live facial recognition technologies by law enforcement would only be acceptable if strictly necessary and proportionate to prevent imminent and substantial risks to public security that are documented in advance.
Private companies should not be allowed to use facial recognition in uncontrolled environments, such as shopping centres, for marketing or private security purposes.
The guidelines were developed by the Consultative Committee of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, which brings together experts representing the 55 states parties to the Convention as well as 20 observer countries.
The Convention, the first ever binding international treaty addressing the need to protect personal data, was opened for signature in Strasbourg forty years ago today, on 28 January 1981.