The use of artificial intelligence and surveillance technology of various kinds is increasingly being used as a weapon in the fight against coronavirus around the world. Recent examples include the use of facial recognition software in Russia to enforce lockdown restrictions, while in France monitoring software has apparently been trialed with a view to using video surveillance cameras once lockdown has been moderated to determine whether citizens are adhering to social distancing rules and wearing masks.
In recent days it has been reported that various companies are in discussions with the UK Government regarding the use of facial recognition technology in connection with the much discussed concept of so-called “immunity passports”.
While potentially the use of digital “health certificates” may be helpful in assisting the relaxation of lockdown restrictions and aiding economic recovery, this remains a contentious issue, both in terms of the assurances that can be provided in respect of the immunity of individuals and the additional privacy concerns that the use of facial recognition technology in this context could raise.
Facial recognition technology is regarded by many as having the potential to be highly invasive and infringe individuals’ rights to privacy and the protection of their personal data. Among other things, there are concerns regarding the accuracy of facial recognition technology in certain circumstances and also the possibility of inherent bias developing within algorithms. Data controllers making use of facial recognition technology should consider whether its use is necessary or whether any potentially less intrusive alternative solutions are available and also whether such use is proportionate and appropriate.
Facial recognition technology involves the processing of biometric data for the purposes of uniquely identifying an individual, which constitutes a “special category” of personal data for the purposes of the GDPR. As such, more stringent conditions apply to its use and an appropriate legal basis for processing such data must be established. Data protection impact assessments will almost certainly be required before such technology can be adopted.
The use of facial recognition technology should also be fair, lawful and transparent and the purposes for which it is used should be limited. Such technology should involve the use of accurate personal data only, which is limited to the extent necessary for the purposes for which it is used and retained only for as long as is necessary for those purposes. In addition, all relevant personal data processed in connection with facial recognition technology should be kept appropriately secure, given the obvious risks to individuals if biometric data is compromised.
The use of facial recognition technology in the fight against COVID-19 is likely to be closely monitored by regulators. For example, in a recent blog, the UK Information Commissioner outlined how the priorities of the Information Commissioner’s Office have been re-shaped for the months ahead in the light of the COVID-19 pandemic, noting that, among other things, monitoring of intrusive and disruptive technology to ensure that privacy is protected while enabling innovation and supporting the economy will be an area of focus.
Among six identified priorities, the Information Commissioner stressed that both shaping proportionate surveillance and enabling good practice in artificial intelligence will be important considerations, observing that “we are prepared and shaping the ongoing development and use of AI in response to COVID-19, to ensure privacy considerations are engineered into the use of AI across the digital economy, from consumer products to surveillance applications.”
Clearly, the use of facial recognition and other biometric technologies in the battle against COVID-19 requires careful consideration by both the public and private sectors alike. Ultimately, however, increased surveillance may be regarded, at least to some extent and for a limited period, as a sacrifice worth making if it offers a way out of the current global coronavirus crisis.
Tech firms are in talks with ministers about creating health passports to help Britons return safely to work using coronavirus testing and facial recognition. Facial biometrics could be used to help provide a digital certificate – sometimes known as an immunity passport – proving which workers have had Covid-19, as a possible way of easing the impact on the economy and businesses from ongoing physical distancing even after current lockdown measures are eased.