the digest  June 2021

Facial recognition in public places: growing European support for prohibition? 

On 21 June, two of the most important European privacy watchdogs—the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB)—announced a formal call for a general ban on the use of AI for automated recognition of human features in public spaces.

Their strong stance marks a shift in the debate around the regulation of facial recognition in Europe, and indicates growing momentum for more widespread prohibitions on its use.

Until now, the EU has adopted a risk-based approach to regulating AI-based technologies. Its Proposed Regulation on Artificial Intelligence classifies remote biometric systems as ‘high risk’ applications that warrant additional safeguards and prohibits the use of real-time remote biometric identification systems by law enforcement in public places, subject to public safety exemptions. Despite offering stronger protections for human rights, the proposal has been criticised by civil society groups, who fear the exemptions risk creating legal loopholes that pave the way for indiscriminate surveillance practices.

Outside Europe, regulatory efforts vary greatly among states. The Chinese government’s use of facial recognition to monitor its citizens and racially profile the country’s Uyghur Muslim minority group have been widely reported. Proposed Chinese regulation in this area—notably the draft standard on Security Requirements of Facial Recognition Data—is non-binding. In the US, by contrast, there are already local prohibitions on facial recognition in some cities and states, with pressure mounting for further legislative action at the federal level.

Resistance to facial recognition has also come from other stakeholders, including technology companies IBM, Amazon and Microsoft, who halted sales of their facial recognition products to law enforcement agencies in 2020 (for our reflections on this move, see here). UN bodies including the Office of the High Commissioner for Human Rights (OHCHR) and the Special Rapporteur on Freedom of Opinion and Expression have also opposed the use of facial recognition technologies in certain contexts, issuing calls for moratoriums until the protection of human rights is assured. 

These developments reinforce the need for Europe to adopt a rights-respecting approach to the use of facial recognition technology. While GPD welcomes the draft EU Regulation and the stronger human rights protections it affords, we also reinforce the critical need for regulatory efforts to be informed by states’ obligations to respect, protect and fulfil all human rights under international human rights law, as well as corporate human rights responsibilities under the UN Guiding Principles on Business and Human Rights. This must also be accompanied by meaningful multistakeholder consultation involving all relevant actors.

A few updates on online content

  • The UN Special Rapporteur on the promotion and protection of freedom of opinion and expression presented her report on disinformation and freedom of expression at the 47th session of the Human Rights Council. GPD previously responded to a consultation by the Special Rapporteur and our submission was cited several times in the final report
  • June was the ten year anniversary of the UN Guiding Principles on Business and Human Rights (UNGPs), a key framework for businesses implicated in the regulation of online content. To mark the occasion, we’ve created a dedicated UNGPs resource hub, bringing together a range of insight and tools, with a particular focus on the tech sector.
  • Some good news: a controversial provision in New Zealand’s draft online content legislation—which would have imposed mandatory internet filtering—has been dropped, following advocacy efforts by a coalition of civil society organisations including GPD, led by InternetNZ.

Cyber discussions at the UN: progress update

Negotiations on modalities for the new Open ended Working Group (OEWG) at the UNGA First Committee are ongoing, with member states still deciding what non-governmental stakeholder engagement will look like, what thematic sub-groups will be set up, and how they will operate. 

Some countries, namely Russia and China, are advocating for the thematic sub-groups to meet in parallel. Others argue this would make meaningful engagement difficult, by limiting the number of groups states can join. We’ve heard that the plan is to ensure agreement is reached on these questions in the next few months, ahead of the busy UN General Assembly session which begins in September, and the first substantive OEWG meeting, currently scheduled for December.

Elsewhere at the UN, June saw the Security Council’s first ever meeting on international peace and security in cyberspace. There, member states expressed broad consensus on the increasing threat of malicious incidents in cyberspace, with many mentioning attacks on critical infrastructure, disinformation (particularly with regards to anti-vaccination campaigns), cybercrime, and low levels of capacity to deal with these threats. A number of states, including Kenya, India, Tunisia, and Niger, made reference to “cyber-terrorism”—a contentious and loosely defined term which raises a number of concerns from a human rights perspective. Most states emphasised the centrality of the UN Charter, including the need for the peaceful settlement of disputes, and many cited their commitment to the agreed framework for responsible state behaviour, and an open, free, stable and secure internet. It was also welcome to hear states calling for respecting human rights in cyberspace, and acknowledging the key role played by non-governmental stakeholders in these discussions. You can watch a recording here.

Other news: 

Listening post

Your monthly global update, tracking relevant laws and policies relating to the digital environment.

On the online content side, we saw several important developments:

  • Australia’s Online Safety Act has now passed through both houses, following the inclusion of positive amendments suggested by GPD and other civil society groups. The bill—which gives Australia’s eSafety commissioner new powers to remove broadly defined “harmful” content— continues to pose risks to freedom of expression and privacy.
  • Canada has proposed a new law, Bill C-36, to regulate online hate speech.
  • Civil society groups in Laos have raised concerns over a spate of draconian government measures to monitor and regulate online speech.
  • After banning access to Twitter in early June, the Nigerian government has proposed a bill which would give its national broadcasting body powers to control all forms of internet broadcasting and social media. 
For emerging tech, June saw the Chinese government pass a significant piece of data protection legislation, the Data Security Law. We also saw the Australian government launch its AI Action Plan, as well as the announcement of the development of an Armenian National AI Strategy. The Biden Administration also launched the US National Artificial Intelligence Research Resource Task Force. 

On the trust and security side, a few updates on laws relating to cybersecurity and cybercrime: 
  • Zimbabwe’s controversial Cybersecurity and Data Protection Bill has been "gazetted" (published by the government)
  • Sierra Leone enacted its Cybercrime Bill, and Vanuatu passed its Cybercrime Act  
  • In Namibia, the Cybercrime Bill and Data Protection Bill processes have reportedly been postponed until 2021
Germany, the UAE and India have all confirmed that they are working on national cybersecurity strategies. Ecuador also approved its National Cybersecurity Policy, which includes references to human rights and multistakeholder participation. 

In Brazil, proposed reforms to the Code of Criminal Procedure have raised concerns, due to their potential to undermine encryption. The Global Encryption Coalition (of which GPD is a member) has published a statement outlining the key concerns. 

Finally, the parliament of Togo has authorised the ratification of the African Union Convention on Cybersecurity and Personal Data (The Malabo Convention). 
Copyright © 2019 Global Partners Digital.
All rights reserved

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

This email was sent to <<Email Address>>
why did I get this?    unsubscribe from this list    update subscription preferences
Global Partners Digital · Second Home · 68 Hanbury St · London, E1 5JL · United Kingdom

Email Marketing Powered by Mailchimp