New facial recognition bill passed in Washington state, constraining government use of facial recognition. What does the future hold for this technology in Europe and abroad?
A new facial recognition bill passed in Washington state recently will require public agencies to frequently report on their use of the technology and have it tested for fairness and accuracy. Law enforcement may use the technology, but must first obtain a warrant, except in cases of emergency. With this new facial recognition bill, any public agencies which use facial recognition technology to make decisions which may have legal repercussions must ensure that the results are tested by a human. This includes any testing that may have ramifications for someone’s ’s job, financial services, housing, insurance, and education.
Washington state’s new facial recognition bill also establishes a task force to study the use of facial recognition technology by government agencies. As civil rights groups and researchers claim that facial recognition can amplify human biases, American Civil Liberties Union (ACLU) is calling for a delay on the implementation of facial recognition by both local and federal government agencies. ACLU and MIT conducted studies of Amazon’s facial recognition software (Rekognition), which showed that the technology misidentifies women and people of color, more frequently than it does white men. While Amazon responded saying that the methodology of those studies was flawed, Amazon CEO, Jeff Bezos has deemed facial recognition “a perfect example of where regulation is needed.” Washington state is home to both Microsoft and Amazon, two of the largest US companies developing facial recognition software. Leaders at both companies have urged lawmakers to create new rules for facial recognition technology, which was, for the most part, unregulated.
The GDPR gives everyone the right to object to profiling, including biometric profiling like facial recognition, and also requires companies to conduct data protection impact assessments before systematically monitoring a publicly accessible area. Pursuant to Article 35 of the GDPR, “Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data”. For this reason, the EU has been considering a temporary ban on the use of facial recognition software.
Recently, on our vlog, we explored the ramifications of the use of facial recognition in public spaces. You can take a look at it right here, and also subscribe to our Youtube channel for more updates.
Does your company utilize biometric data such as fingerprinting, voice printing and facial recognition? If yes, failure to adhere fully to the guidelines and rules of the GDPR and Data Protection Act 2018 could result in a hefty financial penalty. Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, EU AI Ethics assessments and Data Protection Officer outsourcing. Contact us today.