Economie, emploi et travail
Politiques, institutions et démocratie
Libertés publiques et éthique
Inclusion numérique et solidarité


Facial Recognition: Embodying European values

  • Libertés publiques et éthique

Facial Recognition: Embodying European values

  • Libertés publiques et éthique

DOWNLOAD THE REPORT [English version]


TÉLÉCHARGER LE RAPPORT [Version française]


Key Takeaways:

Facial recognition technologies: probabilistic tools that process sensitive data

  • Facial recognition technologies are based on artificial intelligence methods that apply so-called deep learning techniques to the field of computer vision, enabling the recognition of faces in images (video or still) based on biometric data. In this way, they differ from behavioral or emotional recognition technologies, which are based, for example, on the analysis of hand movements, trembling, eye movements or facial muscles.


  • The processing of biometric data is, in principle, prohibited within the European Union (EU). The use of biometric data makes facial recognition technologies highly sensitive. The use of these technologies should be limited to exceptional cases only, and an alternative should always be preferred.


  • Facial recognition technologies include a wide variety of technologies. Not all uses (public or private, consented to by individuals or without their knowledge, in real time or deferred time, etc.) involve the same sensitivity and risk.


  • Facial recognition technologies are not foolproof. Their systems can be subject to significant security breaches and some technologies can induce biases that can lead to racist, sexist or ageist discrimination. 


  • Beyond these technical shortcomings, some flaws may also result from human intervention in the interpretation of the results of these probabilistic technologies. It is essential that the users of these technologies be trained in their operation.


  • Any decision made in which facial recognition technology is involved is the result of a chain of events. Therefore, it is essential to ensure that the decisions at each step in the chain are explainable, right up to the human decision.

The legal framework surrounding facial recognition technologies in Europe is relatively comprehensive, but its application is fragmented and inefficient

  • Within the EU, facial recognition technologies are relatively well framed legally, either by fundamental rights, or by various European (GDPR, Law Enforcement Directive) and national texts (Loi Informatique et Libertés for example in France) that complement them. However, this legal framework suffers from weaknesses in its application, making it inefficient.


  • On the one hand, European regulations are applied in a variable manner from one member state to another, particularly in the domain of fundamental research. In addition, national regulatory authorities have disparate and insufficient human and financial resources to devote to proper implementation. 


  • On the other hand, this framework suffers from difficulties with respect to guaranteeing fundamental rights. In the absence of a priori verification, it is complex to ensure the consistency of facial recognition technologies with our fundamental rights. As for the analyses carried out ex post by the courts, these require that the matter be referred to a judge, as well as a considerable investment on the part of the applicant, particularly in terms of time and skills. 

Faced with the predominance of the United States and in order to guarantee its citizens' fundamental rights and freedoms, the European Union needs a robust European standardization system for facial recognition technologies

  • The U.S. National Institute for Standards and Technology (NIST) currently dominates the international market for the standardization of facial recognition technologies. The evaluation criteria established by the NIST are widely used worldwide, including in European tenders. However, these standards refer exclusively to technical criteria.


  • In order to establish its digital sovereignty and protect the fundamental rights and freedoms of its citizens, the EU must define its own standards taking into account legal dimensions. When it comes to facial recognition technologies, the reliability of a system cannot be determined simply by its technical performance.


  • As facial recognition technologies are evolving, their compliance with European standards must be regularly assessed, as well as the standards themselves.


  • The adoption of these standards must be achieved by imposing them in the context of European, national and local public procurement, including for trials. This obligation must guarantee their large-scale adoption through a performative effect. 


  • Beyond their adoption, the imposition of these standards in the context of public procurement should allow an effective framework for public surveillance.


  • To achieve its standards, the EU must rely on a multi-stakeholder governance body, bringing together expertise in the fields of standardization and fundamental rights, including personal data protection, and, more generally, rights defense.


  • The implementation of the European standardization system also requires investment (financial and human resources) from member states to strengthen the European supervisory authorities.


DOWNLOAD THE REPORT [English version]


TÉLÉCHARGER LE RAPPORT [Version française]