The ICO has revealed an opinion on the usage of stay facial recognition know-how and the EU knowledge safety authorities have referred to as for a ban on the usage of AI for automated recognition of human options in publicly accessible areas.
On 18 June the ICO revealed a blog post and opinion on the usage of stay facial recognition know-how (LFR) in public locations. These apply to each public and personal sector organisations, however don’t cowl the usage of LFR for regulation enforcement functions. The opinion identifies the next key points with LFR:
- the governance of LFR methods, together with why and the way they’re used;
- the automated assortment of biometric knowledge at velocity and scale with out clear justification;
- an absence of alternative and management for people;
- transparency and knowledge topics’ rights;
- the effectiveness and the statistical accuracy of LFR methods;
- the potential for bias and discrimination;
- the governance of watchlists and escalation processes;
- the processing of kids’s and susceptible adults’ knowledge; and
- the potential for wider, unanticipated impacts for people and their communities.
The opinion notes that it isn’t the ICO’s position to ban know-how, however to lift consciousness of information safety regulation, clarify the way it applies, and monitor and implement the regulation. The opinion focuses on summarising the regulation and the way it applies to LFR, then offers a abstract of key necessities for controllers:
- The controller should determine a specified, specific and bonafide function for utilizing LFR in a public place.
- The controller should determine a sound lawful foundation and meet its necessities.
- The controller should determine and meet situations for processing particular class knowledge and legal offence knowledge.
- Using LFR have to be mandatory and ought to be a focused and efficient strategy to obtain the controller’s function.
- The controller should show that they can not obtain their function by utilizing a much less intrusive measure.
- Using LFR have to be proportionate.
- The LFR system ought to be technically efficient and sufficiently statistically correct.
- The controller ought to handle the chance of bias and discrimination and should guarantee truthful therapy of people.
- The controller have to be clear and supply clear details about how they’re processing private knowledge.
- The controller ought to undertake a DPIA (knowledge safety impression evaluation).
- The DPIA should take into account the dangers and potential impacts of the processing on knowledge topics’ rights.
- The controller should adjust to the knowledge safety ideas.
When utilizing LFR for surveillance, controllers should:
- guarantee the usage of watchlists complies with knowledge safety regulation; and
- the place there may be collaboration with regulation enforcement, guarantee roles and tasks are clear with acceptable governance and accountability measures in place. All events should meet the necessities of theUK GDPR and the Knowledge Safety Act 2018.
When conducting a DPIA, controllers:
- ought to undertake a DPIA in accordance with the annex to the opinion earlier than beginning to use LFR; and
- should seek the advice of the ICO if the DPIA signifies that the usage of LFR would lead to a excessive threat that the controller can’t mitigate.
The ICO opinion doesn’t handle synthetic intelligence (AI) intimately, however flags it as a problem and directs readers to its separate guidance on AI and knowledge safety. See the March 2021 subject of DWF Knowledge Safety Insights for our report on the ICO toolkit, which is designed to assist organisations to adjust to this toolkit. On 21 June the European Knowledge Safety Board and European Knowledge Safety Supervisor published a joint opinion calling for a basic ban on utilizing AI for automated recognition of human options in publicly accessible areas, together with recognition of faces, gait, fingerprints or voice. It is going to be fascinating to see how the EU law-making establishments and the ICO react to this opinion.