The use of facial recognition for the sole purpose of determining a person’s skin colour, religious or other belief, sex, racial or ethnic origin, age, health or social status should be prohibited, the Council proposed on Thursday.
Make your memories, the owners of the online free photo-album website encouraged a visitor. A firm offered free unlimited storage of photos. A registered user could build an attractive website with his or her photos open-able on mobile devices. For the firm, it was a cloud storage business.
A 2019 investigative journalist report revealed that the Ever app used the private photos to train its facial recognition algorithm, which is then sold to clients. Federal Trade Commission independently found that Everalbum told users that it would delete photos and videos of users who deactivated their accounts. But the agency said the company had failed to do so through at least October 2019, instead of retaining them indefinitely.
In this case, the threat was mitigated by the closure of the firm. The U.S. regulator required to delete photos and videos of its users who deactivated their accounts, as well as any facial recognition algorithms developed with users’ photos or videos. The company also must delete all “face embeddings,” which it describes as “data reflecting facial features that can be used for facial recognition purposes” that were derived from users’ photos who didn’t give consent for their use.
The firms, which offer free storage of photos, both cloud-based and server-based, like Facebook, collect thousands of pieces of information about a user. And utilise photos to collect information on the shapes of the faces and other information that is unique for an individual.
Such information that consists of the specific combination of points (a mask) allows easily to identify the gender, race, age, and sometimes even precise view of a user's face.
A user is not aware that while they store their photos, the special scanners harvest the data from their photos. These scanners process and transform them into the algorithms, which are being offered to the marketing firms, said a specialist in biometric technologies Dr. Jens Volschule who advised European governments.
Users do not understand that publishing a photo on social media or storing it in the Cloud share much information about themselves and their families and friends. It means that the firm knows not only about what device they use. But it acquires information about a room, area, the objects, and the people. And such data allows today to create a mask of all of the people's faces on this photo and store it online databases without any limits, he added, he added.
Facial recognition creates risk in employment, insurance and education
Facial recognition is the system, which automatically processes the digital images containing individuals' faces. As a result, the system creates so-called face templates or "face embeddings" that are the exact digital copies of the photos. The users of such invasive systems include, justifiably, border control. But many online marketing and social media firms share and sell the most sensitive data without informing users.
The users have no understanding of how much these firms collect and sell sensitive data.
The Council of Europe has emphasised the danger of exploiting of the facial recognition system. The Consultative Committee of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data proposed a ban on “affect recognition” technologies – which can identify emotions and be used to detect personality traits, inner feelings, mental health condition or workers´ level of engagement. These technologies pose important risks in fields such as employment, access to insurance and education, the authors of the guidelines emphasised.
The Consultative Committee includes specialists representing the 55 states parties to the Convention as well as 20 observer countries.
At is best, facial recognition can be convenient, helping us to navigate obstacles in our everyday lives. At its worst, it threatens our essential human rights, including privacy, equal treatment and non-discrimination, empowering state authorities and others to monitor and control important aspects of our lives – often without our knowledge or consent, said Council of Europe Secretary General Marija Pejčinović Burić. But this can be stopped because these guidelines ensure the protection of people’s personal dignity, human rights and fundamental freedoms, including the security of their personal data, she added.
The facial recognition only for the state authorities, not private firms
The Council's Committee in charge of data protection suggested that the necessity of facial recognition technologies has to be assessed together with the proportionality to the purpose and the impact on the rights of the data subjects. It also emphasised that the biometric data should not be stored online but rather in the separate memory storage connected via intranets.
Law enforcement should have access to such data on the principle of proportionality that is an absolute necessity. The staff should be trained and demonstrate good character.
No facial recognition in shopping centers or schools
The Council calls to remove facial recognition from schools, firms, and shopping areas, and re-introduce less intrusive security solutions. Firms should be banned from the use of facial recognition without the knowledge of the customer. Private firms must be banned from using facial recognition systems for marketing or private security purposes, the authors of the guidelines emphasised.
Whenever protection is needed, the user must have free choice to use a password or an identification badge, the specialists said.
The state should establish supervisory authorities that could be consulted systematically, and before envisaged projects with facial recognition and other biometric technologies, the Council said.
The Council of Europe addressed the guidelines to governments, legislators and businesses, and the 47-state human rights organisations calling for a debate and new regulations on the use of facial recognition.
The idea is to give access to simple concepts that could alert the data subjects before they decide to use a facial recognition technology, to understand what it means to use sensitive data such as biometric data, how facial recognition works, and to alert them to potential dangers, notably in case of misuse.