As more organisations consider or deploy facial recognition systems in public places, the European Commission is considering laws that would give citizens rights over their facial recognition data. 

There are questions about the capabilities of facial identity verification software and what it means for consumer safety and privacy, when it is used for security and authentication and in social media and targeted advertising. 

That considered though, companies in Europe already supposedly have to overcome a number of hurdles to put in place legally tight facial recognition technology (FRT). 

The EU’s general data protection regulation (GDPR) prohibits the collection of sensitive biometric data that can be used to uniquely identify people. New rules being considered would aim to “set a world-standard for AI regulation.” 

Gus Tomlinson, head of strategy at identity management specialist GBG, said: “Regulation is key to the success of facial recognition, to ensure that all organisations and governments take responsibility and are transparent with their use of the technology. Consumers need protection and to know their rights, but regulations need not hinder innovation and progress with facial recognition.” 

Debbie Heywood, senior professional support lawyer in the IP/IT group at international law firm TaylorWessing, said: “There can be no doubt that GDPR introduces new hoops for the data controller of commercial FRT personal data to jump through. In some circumstances, the law will restrict what the technology is capable of doing. 

“This may be frustrating for businesses but it is surely a good thing for our personal privacy. Those wishing to use FRT must be careful to comply with all relevant aspects of GDPR and to minimise risk, including by carrying out a DPIA and having appropriate security and retention procedures in place.”