Facial Recognition Technology and Individual Privacy Rights.

Live facial recognition has been igniting huge debate about its numerous benefits and dangers to individual privacy rights. It is already being used, and will doubtlessly be introduced in more locations, as its efficacy and accuracy develop. The use cases of this technology are numerous. Security and policing will benefit from recognising faces of wanted suspects in databases and from being able to deter serious crimes and allow security forces to track movements and carry out arrests.

The London Met has been using live facial recognition to match faces in public spaces with a collection of known suspects on a watchlist. It carries out an exact measure of the contours and proportions of the face. If a match is generated, an alert is sent to an officer in the area. The police officer still has to check if the match is accurate before stopping the person. It is claimed that the biometric data of those who do not generate an alert is ‘automatically and immediately deleted’.

Data of those faces that do create alerts when matched to a watchlist is only supposed to be stored for up to 31 days, or until the conclusion of legal proceedings, which could be a lengthier duration.?

Finding missing people could also prove to be a hugely important use case for this technology. Combining this possibility with aging software to match recorded faces would offer another tool in missing person’s cases.

Data privacy organizations are not as enthusiastic about the benefits of live facial recognition. In fact, they generally focus on its assault on a right to privacy. The idea of recording a human face and storing it for further use without asking for consent is the core of the problem. Some U.S cities, such as Boston and San Francisco have banned or limited the use of this growing technology.

Biometric surveillance can extend beyond facial recognition. New techniques already being used in China can distinguish an individual by his gait. A close analysis of a person’s stride can provide extremely accurate matches to individuals.?

In the EU, The General Data Protection Regulation does not explicitly refer to facial recognition. Nevertheless, the collection and processing of personal biometric data are covered. Biometric data is classified as a special category of data and there are limitations where it is used to identify an individual. The unrestricted use of facial recognition technology would clearly contravene this. There has to be a lawful ground for the collection and processing of biometric data, such as public interest. An outright ban on facial recognition technology is highly unlikely in the EU in the foreseeable future.

When we combine facial recognition technology with powerful analytics tools, it is becoming more and more difficult for us to hide from this rapidly growing technology.

Widespread data harvesting continues apace as facial images and videos are being scraped from the internet from a variety of sources such as Google Images, Facebook, Instagram, YouTube, Linkedin, and Twitter, among others.?Clearview is a U.S company specialising in this area. It estimates that it holds in the region of 3 billion facial images taken from the internet. Even for those rare people who think they are careful about avoiding showing their faces online, we can still appear or be tagged in other people’s photos. There are countless examples of people who have had their images uploaded to social media by friends and acquaintances. Amazon’s Ring doorbell system is another way to collect facial images. The inevitability of being caught up in this dragnet of collected profiles seems more and more certain.

If we look at the GDPR, we see that there are certain rights for EU citizens. The right to erasure is explicitly codified in Article 17 of the General Data Protection Regulation. There is an obligation for the data controller to erase the stored personal data of a data subject under certain circumstances. Where the data subject no longer consents to this collection of data or where there are no legal grounds for collecting the data in the first place. It would be interesting to see how this could be used to request that companies such as Clearview delete collected facial profiles of EU citizens, at least.

A Polish company called PimEyes has set up a global search engine for faces. With just one sample picture of a person’s face, this search engine will return other instances of that image from a huge database of photos. Getting one image of a person is extremely easy nowadays with a couple of clicks on any social media site or even Google Images. After uploading this facial image, other examples of the same face will be shown, sometimes with images of other people who look similar. Interestingly people who subscribe to the service can also receive alerts when new photos of the face they are searching for are uploaded online.

NtechLab is a Russian company claiming to have created the largest ‘real-time facial recognition project in the world’. They developed their FindFace application with the system already mentioned. This can pick out faces in a crowd and instantly cross-reference with stored databases of wanted or known suspects. Ntechlab is developing sets of face detecting glasses that will be worn by Police officers in Russia to identify people of interest in real-time. Interestingly, they offered their technology to track people who were breaking quarantine during lockdown. This type of extreme tracking is a warning as to how an authoritarian state could operate without any checks and balances.

This could all feasibly mean an end to anonymity in public spaces. As technology evolves, there will inevitably be hacks and tricks to try to get around it. Will people start wearing masks in public or even surgically altering their appearance in profound ways to try to escape the ever-present eyes on them??