The use of facial recognition for the sole purpose of determining a person’s skin colour, religious or other belief, sex, racial or ethnic origin, age, health or social status should be prohibited, the Council proposed on Thursday.

Make your memories, the owners of the online free photo-album website encouraged a visitor. A firm offered free unlimited storage of photos. A registered user could build an attractive website with his or her photos open-able on mobile devices. For the firm, it was a cloud storage business.

A 2019 investigative journalist report revealed that the Ever app used the private photos to train its facial recognition algorithm, which is then sold to clients. Federal Trade Commission independently found that Everalbum told users that it would delete photos and videos of users who deactivated their accounts. But the agency said the company had failed to do so through at least October 2019, instead of retaining them indefinitely.

In this case, the threat was mitigated by the closure of the firm. The U.S. regulator required to delete photos and videos of its users who deactivated their accounts, as well as any facial recognition algorithms developed with users’ photos or videos. The company also must delete all “face embeddings,” which it describes as “data reflecting facial features that can be used for facial recognition purposes” that were derived from users’ photos who didn’t give consent for their use.

Firms under the guise of free online services like email, social media accounts, and cloud-storage
are collecting pieces of private information about users
which they sell without any control, often violating ethics

The firms, which offer free storage of photos, both cloud-based and server-based, like Facebook, collect thousands of pieces of information about a user. And utilise photos to collect information on the shapes of the faces and other information that is unique for an individual.

Such information that consists of the specific combination of points (a mask) allows easily to identify the gender, race, age, and sometimes even precise view of a user's face.

A user is not aware that while they store their photos, the special scanners harvest the data from their photos. These scanners process and transform them into the algorithms, which are being offered to the marketing firms, said a specialist in biometric technologies Dr. Jens Volschule who advised European governments.

Users do not understand that publishing a photo on social media or storing it in the Cloud share much information about themselves and their families and friends. It means that the firm knows not only about what device they use. But it acquires information about a room, area, the objects, and the people. And such data allows today to create a mask of all of the people's faces on this photo and store it online databases without any limits, he added, he added.

Facial recognition creates risk in employment, insurance and education

These technologies pose important risks in fields such as employment, access to insurance and education, the authors of the guidelines emphasised.

The Consultative Committee includes specialists representing the 55 states parties to the Convention as well as 20 observer countries.

At is best, facial recognition can be convenient, helping us to navigate obstacles in our everyday lives. At its worst, it threatens our essential human rights, including privacy, equal treatment and non-discrimination, empowering state authorities and others to monitor and control important aspects of our lives – often without our knowledge or consent, said Council of Europe Secretary General Marija Pejčinović Burić. But this can be stopped because these guidelines ensure the protection of people’s personal dignity, human rights and fundamental freedoms, including the security of their personal data, she added.



The facial recognition only for the state authorities, not private firms

The Council's Committee in charge of data protection suggested that the necessity of facial recognition technologies has to be assessed together with the proportionality to the purpose and the impact on the rights of the data subjects. It also emphasised that the biometric data should not be stored online but rather in the separate memory storage connected via intranets.

Law enforcement should have access to such data on the principle of proportionality that is an absolute necessity. The staff should be trained and demonstrate good character.


No facial recognition in shopping centers or schools

The Council calls to remove facial recognition from schools, firms, and shopping areas, and re-introduce less intrusive security solutions. Firms should be banned from the use of facial recognition without the knowledge of the customer. Private firms must be banned from using facial recognition systems for marketing or private security purposes, the authors of the guidelines emphasised.

Whenever protection is needed, the user must have free choice to use a password or an identification badge, the specialists said.

Private firms must be banned from using facial recognition systems for marketing or private security purposes.

The state should establish supervisory authorities that could be consulted systematically, and before envisaged projects with facial recognition and other biometric technologies, the Council said.

The Council of Europe addressed the guidelines to governments, legislators and businesses, and the 47-state human rights organisations calling for a debate and new regulations on the use of facial recognition.

Every person must be informed what it means to use sensitive data and how facial recognition works

The idea is to give access to simple concepts that could alert the data subjects before they decide to use a facial recognition technology, to understand what it means to use sensitive data such as biometric data, how facial recognition works, and to alert them to potential dangers, notably in case of misuse.