Facial recognition

Automated facial recognition breaches GDPR, says EU digital chief

The EU’s digital and competition chief has said that automated facial recognition breaches GDPR, as the technology fails to meet the regulation’s requirement for consent.

Margrethe Vestager, the European Commission’s executive vice president for digital affairs, told reporters that “as it stands right now, GDPR would say ‘don’t use it’, because you cannot get consent,” EURACTIV revealed today.

GDPR classes information on a person’s facial features as biometric data, which is labeled as “sensitive personal data.” The use of such data is highly restricted, and typically requires consent from the subject — unless the processing meets a range of exceptional circumstances.

These exemptions include it being necessary for public security. This has led the UK’s data regulator to allow police to use facial recognition CCTV, as it met “the threshold of strict necessity for law enforcement purposes.”