Facial recognition technology use by US federal agencies

Facial Recognition Technology use: A Survey of Current and Future Uses by US Federal Agencies.

Facial recognition technology use by both the public and private sector has been the topic of much debate worldwide. In Europe, in recent years, there have been calls for a ban on the use of this technology, giving authorities time to process the possible implications of its use and therefore figure out how best to regulate its use. In the US, facial recognition technology is already being used by many US federal agencies, according to this statement reflecting the results of a recent survey. This survey, conducted by the Government’s Accountability Office, of 24 federal agencies, concluded that facial recognition technology had practical military-grade applications from cybersecurity to physical security and criminal investigation. The results of the survey also reflected that facial recognition technology is being used by several of these government agencies for various purposes. 

Most of the government agencies surveyed reported that they use facial recognition technology for various purposes. 

Through the years, there has been a definite increase in the use of, and interest in facial recognition technology, which makes it even more essential to fully understand its usability across the board. The Government’s Accountability Office was assigned to assess agencies’ use of facial recognition technology, facial recognition technology-related research, and its interaction with other entities in the fiscal year 2020, and their future plans for it until 2023. After completion of the survey, studying documents, and interviewing officials of 24 agencies, the Government’s Accountability Office published these findings. 18 of the 24 agencies surveyed reported facial recognition technology use for various purposes.

Digital Access: 

Sixteen agencies reported the use of facial recognition technology for Cybersecurity or digital access. Fourteen of those sixteen agencies used facial recognition technology for unlocking agency-issued smartphones. The other two used facial recognition technology to monitor persons accessing government websites.

Law enforcement:

In the field of law enforcement, six of the federal agencies used facial recognition technology to generate leads in investigations. They used the technology for identifying offenders as well as finding out about crime victims through publically available resources.

Physical Security:

Another five agencies use facial recognition technology for surveillance. One such agency detects persons on watchlists and alerts the security personnel. In addition, ten agencies expressed that they were conducting research and development regarding facial recognition technology, including its ability to identify people wearing masks.

Plans for Future Facial Recognition Technology Use:

Around ten agencies plan on expanding the use of facial recognition technology by 2023. There have been plans expressed regarding the use of facial recognition technology to automate the identity verification process at airports.

In Europe, there have been calls for a ban on facial recognition technology use in public spaces. 

In Europe, Privacy watchdogs have called, as recently as June, for a ban on facial recognition technology use in public spaces. The EDPB and EDPS released a joint statement in June, calling for this ban. While the organizations welcomed the aim of EU bodies to address this, there is also concern about the exclusion of international law enforcement cooperation. Considering the extremely high risks associated with remote biometric identification of individuals in publicly accessible spaces, the organizations decided to call for a general ban on any use of AI for automated recognition of human features in publicly accessible spaces. This includes all biometric identification including facial recognition. 

What does the GDPR say about facial recognition technology use?

The GDPR defines biometric data as personal data which results from specific technical processing of features of the physical, physiological or behavioral characteristics of a natural person, which allows or confirms the unique identification of that natural person, for example facial images or fingerprint data. In accordance with Article 9 of the GDPR, the processing of biometric data, which is classified as a special category of personal data, is prohibited, in the absence of explicit consent or direct legal grounds based on GDPR or other legislation. 

What key factors are important to note if planning on using facial recognition?

There are key factors to keep in mind if a business or organization plans to use facial recognition technology. To ensure that one is compliant when using facial recognition and other biometric technology, it is important to ensure that legal grounds are established according to the national laws as well as EU law. When collecting and processing special category data, explicit consent or any other of the conditions listed in Article 9 GDPR is needed. Where it is based on consent, it is important to also assess the validity of the consent being obtained. In addition, the principles of proportionality must be adhered to. A data protection impact assessment is necessary pursuant to Article 35 of the GDPR. Such an assessment helps determine risk specific to data protection and with regard to the rights and freedoms of the data subjects. 

“Not only the right to data protection might be affected by facial recognition technologies. If not diligently used, they may also harm other fundamental rights, such as the right to equality and non-discrimination. Accordingly, it is paramount that the whole legal framework is considered across the entire life cycle of both the facial recognition system and the outputs obtained through its use. The ability to ensure an adequate level of security and protection in all fields will determine the adoption of this technology and our capacity to enjoy the benefits it brings” states Cristina Contero Almagro, Partner in Aphaia.

Do you use AI in your organisation and need help ensuring compliance with AI regulations? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including Data Protection Impact Assessments, AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Leave a Comment

(0 Comments)

Your email address will not be published. Required fields are marked *