On June 23, 2021, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) shared a joint opinion regarding the European Commission’s AI regulation proposal.
The EDPB and the EDPS welcome the European Commission’s initiative, which is aimed at “addressing the use of AI systems within the European Union”. Likewise with regard to its scope, they welcome the fact that it extends to the provision and use of AI systems by EU institutions, bodies or agencies. However, the EDPB and the EDPS stress that it is necessary to “explicitly clarify that existing EU data protection legislation (GDPR, the EUDPR and the LED) applies to any processing of personal data falling under the scope of the draft AI Regulation”. Also, the EDPB and the EDPS “are concerned by the exclusion of international law enforcement cooperation from the scope of the Proposal”.
“Deploying remote biometric identification in publicly accessible spaces means the end of anonymity in those places. A general ban on the use of facial recognition in publicly accessible areas is the necessary starting point if we want to preserve our freedoms and create a human-centric legal framework for AI”.
Andrea Jelinek, EDPB Chair, & Wojciech Wiewiórowski, EDPS.
The following should be noted from the Opinion with regard to automated recognition:
- The risk-based approach is welcomed but this approach will need to be clarified and the notion of “fundamental rights risk” aligned with GDPR and the Regulation (EU) 2018/1725 (EUDPR).
- With regard to the classification of an AI system as high risk, the EDPB and the EDPS agree with the proposition that the classification “does not necessarily mean that it is lawful per se and can be deployed by the user as such”. In addition, the EDPB and the EDPS “consider that the requirement to ensure compliance with the GDPR and EUDPR should be included in Chapter 2 of Title III”, and therefore “the compliance with legal obligations arising from Union legislation (including on personal data protection) should be a precondition to being allowed to enter the European market as CE marked product”. Finally, according to the EDPB and the EDPS, the conformity assessment procedure should be adapted “so that third parties always conduct high-risk AI systems’ ex-ante conformity assessments”.
- The EDPB and the EDPS would like future AI regulation to prohibit any type of social scoring.
- “The EDPB and the EDPS call for a general ban on any use of AI for an automated recognition of human features in publicly accessible spaces – such as of faces but also of gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioral signals – in any context”. They also recommend a ban “on AI systems categorizing individuals from biometrics into clusters according to ethnicity, gender, as well as political or sexual orientation, or other grounds on which discrimination is prohibited under Article 21 of the Charter”. Finally, concerning the use of AI to infer a person’s emotions, the EDPB and the EDPS consider that this technology is “highly undesirable and should be prohibited”.
- The EDPS and the EDPB “welcome the designation of the EDPS as the competent authority and the market surveillance authority for the supervision of the Union institutions, agencies and bodies” while requesting that the role and tasks of the EDPS are clarified.
- With regard to the new European Artificial Intelligence Board (EAIB), they highlight that future AI Regulation “should give more autonomy to the EAIB and ensure it can act on its own initiative” in order to guarantee its independence.
Beyond the EU, a coalition of digital rights and consumer protection groups across the globe is calling for a global ban on biometric recognition technologies that enable mass and discriminatory surveillance.