EDPS urges ban on remote biometric identification in public spaces

On 10 February 2021 the European Data Protection Supervisor (EDPS) issued a formal opinion urging EU lawmakers to impose a broad prohibition on remote biometric identification—including live facial recognition—in publicly accessible areas. The EDPS argues that pervasive biometric tracking undermines privacy, non-discrimination, and freedom of assembly, and it recommends that any AI legislation include explicit safeguards, transparency, and oversight mechanisms.

Fundamental Rights Concerns

The EDPS opinion identifies specific fundamental rights at risk from widespread biometric surveillance. Privacy concerns extend beyond data protection to encompass the chilling effect on behavior when individuals know their movements and associations are tracked. Non-discrimination risks arise from documented accuracy disparities in facial recognition systems across demographic groups, potentially leading to disproportionate law enforcement attention for certain populations.

Freedom of assembly and expression face threats when protest participation or political activity can be automatically identified and recorded. The opinion argues these risks are not adequately addressed by purpose limitations or use restrictions, warranting categorical prohibition rather than regulated use. Academic research demonstrating higher error rates for women, darker-skinned individuals, and elderly populations amplifies fairness concerns.

Proposed Safeguards

For any AI legislation permitting limited biometric identification uses, the EDPS recommends explicit safeguards: prior judicial authorization for deployment, strict necessity and proportionality requirements, transparency about system capabilities and limitations, regular audits of accuracy and fairness, and meaningful oversight mechanisms with enforcement authority.

The opinion influenced subsequent EU AI Act negotiations, which ultimately included significant restrictions on remote biometric identification in public spaces, though with some law enforcement exceptions that civil society organizations continued to contest. National setup varies, with some member states advocating stricter prohibitions while others seek operational flexibility for security applications.

Technical Accuracy Limitations

Biometric identification systems face inherent accuracy constraints that compound fundamental rights concerns. False positive rates—identifying innocent individuals as matches—create wrongful detention risks and reputational harm. False negative rates allow actual subjects to evade detection, undermining claimed security benefits.

Environmental factors including lighting conditions, camera angles, aging of reference images, and deliberate evasion techniques significantly impact real-world accuracy compared to controlled testing environments. The EDPS argues these technical limitations make reliable, fair deployment in public spaces essentially impossible with current technology.

Enterprise Deployment Considerations

Organizations considering biometric identification systems should conduct full fundamental rights impact assessments before deployment. These assessments must evaluate necessity—whether less intrusive alternatives achieve legitimate aims—and proportionality—whether benefits justify identified risks.

Transparency obligations require clear disclosure of biometric system presence and purposes. Individuals must understand when and how their biometric data is collected, processed, and retained. If you are affected, establish explicit retention limits and deletion procedures for biometric templates and associated data.

Governance Framework Requirements

Effective biometric governance requires documented policies addressing system procurement, deployment authorization, accuracy monitoring, incident response, and oversight responsibilities. Procurement evaluations should include bias testing across demographic groups and independent accuracy verification.

Human oversight mechanisms should specify intervention points where automated decisions receive human review. Complete automation without meaningful human involvement raises both accuracy and accountability concerns that governance frameworks must address.

Global regulatory environment

The EDPS opinion reflects growing global consensus on biometric surveillance risks. Similar restrictions emerged in various U.S. jurisdictions, with cities like San Francisco prohibiting government facial recognition use. Private sector deployments face increasing scrutiny from privacy regulators worldwide.

Organizations operating across jurisdictions face compliance complexity as biometric regulations diverge. A conservative approach applying strictest applicable standards may simplify compliance while demonstrating commitment to responsible technology use.

You may also find useful

Hand-picked articles on adjacent topics.

AI · Credibility 90/100 · September 5, 2024

Council of Europe

The Council of Europe adopted the Framework Convention on AI in September 2024—the first legally binding international treaty on AI. It covers human rights, democracy, and rule of law considerations. While it is not as…

AI · Credibility 92/100 · March 1, 2021

NSCAI Final Report Released — March 1, 2021

The NSCAI’s 756-page final report detailed 96 recommendations to sustain U.S. AI leadership, linking trillion-dollar investments in research, talent, secure infrastructure, and allied coordination to concrete defense and…

AI · Credibility 92/100 · January 12, 2021

National AI Initiative Office Launch — January 12, 2021

OSTP’s National AI Initiative Office now anchors U.S. AI governance, unifying strategic planning, standards coordination, workforce programs, and stakeholder engagement through the AI.gov portal.

AI · Credibility 92/100 · January 1, 2021

U.S. National AI Initiative Act Enacted — January 1, 2021

Congress embedded the National AI Initiative Office, advisory committee, and cross-agency reporting mandates into law, requiring agencies and partners to align governance, standards, and workforce plans with a…

AI · Credibility 90/100 · December 10, 2020

UK AI and National strategy

The UK government released its AI Roadmap, outlining strategic priorities for artificial intelligence development and adoption across the British economy. This document establishes foundational guidance for AI…

Continue in the AI pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• AI Governance Implementation Guide

  Operationalise the EU AI Act, ISO/IEC 42001, and U.S. OMB M-24-10 requirements with accountable inventories, controls, and reporting workflows.

• AI Incident Response and Resilience Guide

  Coordinate AI-specific detection, escalation, and regulatory reporting that satisfy EU AI Act serious incident rules, OMB M-24-10 Section 7, and CIRCIA preparation.

• AI Procurement Governance Guide

  Structure AI procurement pipelines with risk-tier screening, contract controls, supplier monitoring, and EU-U.S.-UK compliance evidence.

Coverage intelligence

Published

February 10, 2021

Coverage pillar

AI

Source credibility

73/100 — medium confidence

Topics

biometric surveillance · facial recognition · fundamental rights · EU privacy

Sources cited

3 sources (edps.europa.eu, cvedetails.com, iso.org)

Reading time

5 min

Documentation

1. EDPS opinion on the European Commission’s White Paper on Artificial Intelligence — edps.europa.eu
2. CVE Details - Vulnerability Database — CVE Details
3. ISO/IEC 42001:2023 — Artificial Intelligence Management System — International Organization for Standardization