The Greens/EFA group in the European Parliament has also advocated an EU-wide moratorium on the use of facial recognition and behavioral detection technology for mass surveillance of public spaces.
Led by the NGO European Digital Rights (EDRi), 44 organizations have sounded the alarm about indiscriminate biometric data collection. According to EDRi, as of May 2020, at least 15 European countries are experimenting with biometric technologies for purposes which amount to mass surveillance in public spaces. “These systems violate people’s privacy, fundamental freedoms and dignity, have a discriminatory impact, a chilling effect on our freedoms of expression and assembly, and put limits on our ability to participate in public, social and democratic activities,” said Diego Naranjo, Head of Policy at EDRi.
The phrase “biometric surveillance” conjures up images of shadowy, deep state actors controlling society in a dystopian future. But in reality, biometrics are already here to stay. From facial recognition and fingerprint scanning to unlock your phone, to fitness trackers monitoring heartbeat and temperature, biometrics are already widely used and stored by companies large and small.
Most discussion around surveillance focuses on state actors, but with companies building up detailed records of users, the genie is out of the bottle. Even if governments do not collect this data themselves, they can compel private companies to hand it over, and any effort to tackle bulk data retention and processing, must include businesses, corporations and other non-state organizations.
In the U.S., Silicon Valley giants Google, Amazon and Facebook, have already been called upon by government to come up with solutions to use geolocation, social media and biometric technologies to track users in an effort to slow the spread of COVID-19.
“The untargeted capture or processing of sensitive biometric data makes it possible for governments and companies … to use all these records against you – whether for law enforcement, public authority or even commercial uses,” says EDRi’s paper.
The NGOs are concerned that “the legitimization and normalization of privacy-invading surveillance infrastructures developed during the COVID-19 state of emergency” could become permanent. Activities such as taking people’s temperature before allowing access to shopping centers is just one example of how the current pandemic has dramatically increased biometric data collection. The aviation industry is already looking to increase biometrics to solve its concerns in the current crisis. While we will almost certainly see a move away from touch-based technologies such as fingerprint scanning, facial and iris recognition will likely see an uptick.
“The COVID-19 pandemic provides a stark example of what it feels like to live with limited freedoms – to move, to gather, to speak, to protest. Biometric mass surveillance in public spaces would make such emergency states of suspicion a permanent feature of public life,” explained Ella Jakubowska, Policy and Campaigns Officer at EDRi.
In the public call, the NGOs lay out several specific demands:
Member states must halt and dismantle all current uses of and plans for biometric mass surveillance
Member states must disclose all plans (in place and for the future) to use biometric technologies which may amount to mass surveillance
Member states must stop any legislation to legalize biometric mass surveillance and, instead, make sure that national legislation specifically prohibits this practice
EU bodies must cease all funding for schemes to develop, test or deploy biometric mass surveillance or biometric predictions
The European Commission must review all biometrics laws that could contribute or amount to mass surveillance
The European Commission must ensure through legislative and non-legislative measures that the use of biometrics for mass surveillance in public spaces is comprehensively, immediately and indefinitely banned in law and in practice.
“Accepting grossly intrusive biometric mass surveillance in our public spaces means accepting that our bodies and faces can and will be recorded as if we were in a perpetual police lineup. If companies or governments can deploy such technology, we risk increased population control and manipulation without our knowledge, as well as a deepening of power imbalances and lack of accountability. Mass surveillance is unlawful under EU law and these practices must be banned,” said Naranjo.
While all of these considerations are targeted at national authorities, businesses can play a role too. By adhering to the GDPR “data minimization” principles and not over-collecting biometric data in the first place. Companies that collect biometric data need to ask themselves questions about proportionality, and not allow a data collection free-for-all to become the norm.