The EU is closer to banning AI mass surveillance

EU stars surrounding a fallen CCTV camera.

What’s worse than mass surveillance? That’s surveillance that uses facial-recognition tech. And the EU has taken the first step to ensure it doesn’t become the new standard for policing.

In a new proposal published on Wednesday, the European Commission has put forward regulations that, if passed, will restrict and regulate the use of artificial intelligence for “indiscriminate surveillance” and prohibit the monitoring and tracking of people in both digital and physical environments.

[Get the latest privacy news. Sign up for the ExpressVPN blog newsletter.]

If it becomes law, this would also set a precedent for countries like the U.S. and China, who are yet to introduce similar regulation on artificial intelligence—while also arguably far ahead of Europe in the field of AI.

What’s in the legislation

The 108-page draft outlines several key pieces of legislation to regulate AI systems as they’re developed and implemented in Europe.

In its current state, the proposal will prohibit law enforcement from using real-time remote biometric identification systems in publicly accessible spaces, meaning that in nearly all situations, any form of police mass surveillance that implements facial recognition or other biometric data would not be allowed.

Read more: Go incognito: How to avoid surveillance in real life

The draft does specify, however, that some prohibitions will not apply when implemented by EU governments or public authorities to “safeguard public security.”

It would also ban public authorities from using a “social scoring” system similar to the one implemented in China, as well as systems that would exploit vulnerable groups or “deploy subliminal techniques beyond a person’s consciousness in order to materially distort a person’s behavior.”

Aside from outright bans, the legislation also sets standards for “high-risk” AI systems that are intended to be used as a safety component of a product or the product itself. This would include essential infrastructure like roads, water supply, gas, and electricity. These systems must meet a slew of requirements including compliance with data-privacy rules, transparent documentation for its users, and human oversight. A violation of any of these regulations could result in fines of up to either 20 million EUR or 4% of a company’s global annual turnover, whichever is higher.

Lastly, a new European Artificial Intelligence Board will be created to decide whether an AI system is compliant and its risk levels.

‘GDPR for AI’

Parallels have been drawn between this new legislation and the General Data Protection Regulation, which was introduced in 2016 to rein in Big Tech’s data-collection practices.

Its introduction created a template for similar legislation in California and other non-EU countries, which while flawed, has enforced accountability upon countries that collect personal data.

It is likely that the EU’s first attempt at regulating and restricting AI will also be used to inspire non-EU states to adopt similar regulations: on the same day the EU released its proposal, the U.S. Federal Trade Commission released a statement outlining the ways it would use existing laws to “prohibit unfair or deceptive practices (including) the sale of racially biased algorithms.”

Questions raised over exceptions

The ambitious law has nonetheless raised plenty of questions and concerns over potential loopholes, in particular the vague language surrounding the exemptions to the rule.

For example, while law enforcement would generally be blocked from using “remote biometric identification systems,” exemptions can still be made in serious cases such as finding abducted children and certain crimes that could range from murder to fraud. There is also the question of what counts as AI that “safeguards public security,” wording that could serve to justify the use of AI systems by the military or any public security agency.

There is also the question of the European Artificial Intelligence Board: Whoever sits on the board will have significant influence over which AI technologies will be restricted and allowed.

The legislation has just been introduced and will go through rounds of debates and amendments before it gets passed into law. It is likely that the majority of this legislation will not be changed, but it remains to be seen whether the EC will address the concerns raised by some of the vague wording and exceptions that appear to undermine the very efforts to rein in AI use for surveillance.

What do you think about the legislation? Let us know in the comments.

Read more: 10 countries with top data privacy laws

Jamie writes about current issues concerning digital privacy and security and is known to interview leading figures in tech. He also keeps an eye on changes in government censorship and surveillance.