The article mentions the AI Act and claims it “restricts the use of remote biometric identification — including facial recognition technology — in public places unless it is to fight “serious” crime, such as kidnappings and terrorism”, which I am afraid seems rather hollow as that is basically how it is already used.
I’m not sure whether it’s the reporting that’s confused or the politicians, but this distinction between three different things (“facial recognition technology”, “private facial recognition databases”, and “predictive policing”) is very strange. Modern facial recognition algorithms are just clustering vectors, and facial recognition databases are just lots of pictures of faces, neither seems well-defined enough to easily ban. And predictive policing is just plain bizarre - what relationship does that have with facial recognition at all?
Don’t retail stores in Europe use in-store analytics? These often employ cameras to track shoppers when they are in the store. They use sentiment analysis to figure out what shoppers like, the cameras look for people lingering more than usual and alert security, they use it to track how people move through the store to optimize layout, and when you finally pull out your credit card and buy something, they can link up your real world identity with all the footage they’ve just captured.
I think it’s pretty gross, but without government actions like this it will not stop.
> neither seems well-defined enough to easily ban
Seems like it would be easy enough to define. If an image or any other kind of data generated from an image is used in the process to identify a person, then you are doing facial recognition.
Some of the stuff you listed under “in-store analytics” is more like “in-store statistics”, the kind of privacy problems addressed by this bill/proclamation don’t seem related to analyzing CCTV footage to optimize store layout or determine which products are popular, and it doesn’t seem like either the reporting or the politicking here is concerned with that. If they are then taking that information and trying to tie it to an identity based on credit card purchases, I do agree that’s gross and I wouldn’t object very hard if governments tried to stop that from happening (though I’m skeptical that facial recognition is doing much of the work in this paradigm, and I’m also skeptical that it works at all - most of this “know your customer” stuff is compelled by regulatory compliance, and the other stuff that is sold as improving conversion tends to be vaporware that fails to materialize real benefit).
>If an image … is used in the process to identify a person, then you are doing facial recognition
This is an easy definition of facial recognition that is very hard to ban! Police departments are doing facial recognition to catch criminals by this definition, and I don’t mean this in some narrow technical “well actually” sense: I mean that e.g. detectives in metro cities are given large binders of face pictures of many pickpockets and other criminals, they study these faces and train to recognize them in a crowd, and they go out in public aiming to recognize them. But my point was not that facial recognition is hard to define, my point was that “facial recognition technology” and “private facial recognition databases” and “predictive policing” are weird categories or distinctions to make.
Various police departments are also abusing facial recognition as undisclosed primary evidence and putting the wrong people in jail, in addition to destroying lives and forcing people to prove innocence after being assumed guilty.
A link would be useful: there are rumours eu shopping centers are tracking (anonymously!) cell-phone routes through shopping centers; some places have sensors outside there windows to track foot tracffic and window shoppers but I've never heard of actual tracking of customers via facials: I rather suspect that would be a PR disaster.
Nb - I alwaysys turn off my phone when going into shopping centers.
In Finland, at least, the most common way is to get people to download an app, or join a bonus club. I'm sure they use visual analytics too, but identifying store visitors means storing personal data, which you can't do without explicit consent.
Are you talking about the GPDR? In Finland, are you allowed to store personal information? Can you maintain an address book or contact information on your phone? Does the law distinguish between commercial and non-commercial uses of personal information?
"Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."
Attempting to ignore physics and mathematics when making the law tends to not work out well....
At the same time a law can't narrowly target a specific technology, which then is bypassed easily by changing some technicality, but must be broad enough to cover different technical implications, while specific enough to catch the case you want to catch.
Most means available would be used to fight serious crime. Imagine police saying "We cannot track the kidnapper of your child; we would be able to if we used facial recognition, but we're legally disallowed to use it". The voters won't support a case like that.
Note that unlike e.g. crackable encryption, facial recognition for law-enforcement needs can be deployed in a limited area for a limited time.
OTOH I see the value in banning facial recognition for e.g. marketing purposes. Even if you totally don't mind improving your personal shopping experience this way, detailed information about your location, exterior, gait, etc, is a dangerous asset in hands of criminals who steal it from the well-meaning commercial entities. It would e.g. greatly simplify identity theft, then snatching your assets and burdening you with large debts. The fewer copies of such info exists, the better; zero is best.
Video footage can still be used to fight crime without facial recognition. The kidnapper's car, clothing, direction, location (as determined from multiple cameras along the route), and more can be used.
In addition, if there is clear evidence of a crime, they could be required to get a warrant. At least that way a judge can determine if what is being done is arbitrary or has substantial justifications for going further.
I see almost no value in companies deploying facial recognition software at will, and lots of room for abuse. It's a shame that while the EU is considering banning facial recognition they are mandating it for non EU residents to enter the region.
It's nice to ban random facial recognition, but it's still a non-binding resolution. And I'm sure European cops would get around it the same way we get around it here in the states: just use a corporate / commercial entity as an intermediate.
I may be wrong, but I think EU already has a soft ban on private entities doing facial recognition in public.
Even if it hadn’t, if a government entity is banned from doing something, it doesn’t matter if it’s hiring employees or contractors to do it - I think that is the spirit of the law in EU. In US it’s obviously different.
Strange. The EU wants to prohibit facial recognition, which humans can still do, but wants backdoors into encryption. I'd rather allow facial recognition in public places but have communications privacy.
Different players in the EU push for different things. Some people in the commission push for surveillance tools. Some people in the parliament push for privacy.
It is missing the right for own initiative and doesn't have budget powers, which is consequence of EU not being a state, but a union of independent states. However it has to vote and agree on all EU regulations and changes the proposed initiatives quite a lot. However EU parliament politics are ... complicated between party family and national interests.
A big problem is that its negotiations happen outside the spotlight. News focus on national parliaments and national governments and following EU debate is painfulnkt only, but also due to the multilinguality.
How would banning facial recognition databases work? Would there be a limit to the variety of photographs one can have? To the metadata one could associate with them? What would happen if a general image and video recognition module for a robot began to recognize different people? This seems like a slippery slope to me.
Presumably, you couldn't sell them or offer third party facial recognition services or deploy facial recognition systems in your stores. You could probably try and be coy and "well, actually" your way out of it, but the courts generally don't like that.
I’m not sure whether it’s the reporting that’s confused or the politicians, but this distinction between three different things (“facial recognition technology”, “private facial recognition databases”, and “predictive policing”) is very strange. Modern facial recognition algorithms are just clustering vectors, and facial recognition databases are just lots of pictures of faces, neither seems well-defined enough to easily ban. And predictive policing is just plain bizarre - what relationship does that have with facial recognition at all?