RETRATO SIN IDENTIFICAR [Material gráfico]

Copia digital. Madrid : Ministerio de Educación, Cultura y Deporte, 201

MAPPING THE USE OF FACIAL RECOGNITION IN PUBLIC SPACES IN EUROPE A QUEST FOR CLARITY: UNPICKING THE "CATCH-ALL" TERM

Regulating the use of facial recognition and face analysis in public spaces is undoubtedlyone of the most pressing issues today when it comes to the regulation of artificial intelligencein democratic societies. There is an important debate going on worldwide about the “redlines” that should be established by regulators in order to prevent people’s freedoms beingendangered as the result of the use of facial recognition technologies (FRT). In Europeespecially, where privacy, data protection and human rights lie at the very heart of theEuropean integration project, this debate is more necessary and pressing than ever. Theimportance of this issue is reflected in the ongoing legislative work that has followed theEuropean Commission’s introduction, in April 2021, of the draft AI regulation, which includesseveral important proposals to regulate the use of facial recognition.Curiously, though, the debate about these fundamental questions is taking place in theabsence of a profound assessment of how existing European law is being applied to theseissues. Furthermore, the debate on these issues in Europe is also characterised by a high levelof imprecision. Journalists, activists and politicians sometimes have a tendency to treat“facial recognition” as a single monolithic bloc, lumping the different functionalities anduses of facial recognition together. In contrast, in an important Opinion published in 2019the French DPA, CNIL, stressed the importance of clarity and precision to fostering theconditions necessary for an informed and useful debate. “Behind the catch-all term, thereare multiple use cases” said the CNIL, adding that “in this context, a use-by-use approachmust be applied”.This is precisely the main objective of the “MAPping the use of Facial Recognition inpublic spaces in Europe” (MAPFRE) project. Our intention is to offer a detailed independentstudy that separately presents and analyses the different categories of FRT use in publiclyaccessible places in the European Union and the UK

Facial recognition for authorisation purposes (part 3)

Part 1 of our “MAPping the use of Facial Recognition in public spaces in Europe” (MAPFRE) project reports explained in detail what “facial recognition” means, addressed the issues surrounding definitions, presented the political landscape and set out the exact material and geographical scope of the study. Part 2 of our Reports presented, in the most accessible way possible, how facial recognition works and produced a “Classification Table” with illustrations, explanations and examples, detailing the uses of facial recognition/analysis in public spaces, in order to help avoid conflating the diverse ways in which facial recognition is used and to bring nuance and precision to the public debate. This 3rd Report focuses on what is, undoubtedly, the most widespread way in which Facial Recognition Technologies (FRT) are used in public (and private) spaces: Facial Recognitionfor authorisation purposes.Facial recognition is often used to authorise access to a space (e.g. access control) or to a service (e.g. to make a payment). Depending on the situation, both verification and identi fication functionalities (terms that are explained in our 2nd Report) can be used. Millions of people use FRT to unlock their phones every day. Private entities (such as banks) or public authorities (such as the French government in terms of the now abandoned ALICEM pro ject) increasingly envisage using FRT as a means of providing strong authentication in or der to control access to private or public online services, such as e-banking, or administra tive websites that concern income, health or other personal matters. FRT is increasingly being considered as a means of improving security when controlling and managing access to private areas (building entrances, goods warehouses, etc.). In public spaces, FRT is being used as an authentication tool for automated international border controls (for example at airports) or to manage access in places as diverse as airports, stadiums or schools. Pre Covid-19, there were a lot of projects to use in the future FRT in order to “accelerate people flows”, “improve the customer experience”, “speed up opera tions” and “reduce queuing time” for users of different services (e.g. passengers boarding a plane or shopping) but the advent of the Covid-19 pandemic has further boosted calls for investment in FRTs in order to provide contactless services and reduce the risk of contam ination. Supermarkets, such as Carrefour, which was involved in a pilot project in Romania, or transport utilities in “smart cities”, such as the EMT bus network in Madrid, which teamed with Mastercard to conduct a pilot project that enables users to pay on EMT buses using FRT, have implemented facial recognition payment systems that permit consumers to complete transactions by simply having their faces scanned. In Europe, similar pilot pro jects are currently being tested enabling the management of payments in restaurants, cafés and shops. Despite this widespread existing use or projected use of FRT for authorisation purposes we are not aware of any detailed study that is focusing on this specific issue. We hope that the present analytic study will help fill this gap by focusing on the specific issue of the use of FRT for authorisation purposes in public spaces in Europe. We have examined in detail seven “emblematic” cases of FRT being used for authorisation purposes in public spaces in Europe. We have reviewed the documents disseminated by data controllers concerning all of these cases (and several others). We have sought out the reactions of civil society and other actors. We have dived into EU and Member State laws. We have analysed a number of Data Protection Authority (DPA) opinions. We have iden tified Court decisions of relevance to this matter

« Défis et enjeux de l’application du principe de due diligence dans le cyberespace »

International audienc

“Legal Challenges concerning the application on Cyber sanctions by The European Union”

International audienc

The Role of the Military in the Cyber-Space: French Strategy and Institutions”

International audienc

‘Rien que la lex lata’ ? Étude critique du Manuel de Tallinn 2.0 sur le droit international applicable aux cyber-opérations

Codifying 154 “ rules” of customary international law applicable to cyber operations is the ambition of the Tallinn Manual 2.0. Since its publication, many Governments have immersed themselves in its study in order to better understand it and to evaluate to what extent its “ rules” could constitute an unavoidable reference in the field of cyberspace law. The purpose of this article is to contribute to the reflection by proposing a critical reading of this book and trying to identify if it suffers from certain weaknesses. The first part of this article shows that the methodology of the Manual is perhaps less imperfectible than suggested by its authors and that the identification of the lex lata and the codification of 154 customary “ rules” raise many questions, despite the efforts of the Director of the Manual to establish the ideological neutrality of its approach. The second part analyzes the contents of the Manual not so much focusing on “ what is going well” but rather on “ what is not so good”, highlighting some negligence, weakness or bias of the Tallinn Manual 2.0.Codifier 154 «règles » du droit international coutumier applicables aux cyberopérations, telle est l’ambition du Manuel de Tallinn 2.0. Depuis sa publication, nombre de chancelleries se sont plongées dans son étude afin de mieux le comprendre et d’évaluer dans quelle mesure ses «règles » pourraient constituer une référence incontournable en matière de droit du cyberespace. L’objet de cet article est de contribuer à la réflexion en proposant une lecture critique de cet ouvrage et en essayant d’identifier si celui-ci souffre de certaines faiblesses. La première partie de cet article montre ainsi que la méthodologie du Manuel est peut-être moins imperfectible que ce que suggèrent ses auteurs et que l’identification de la lex lata et sa codification de 154 «règles » coutumières soulèvent de nombreuses interrogations malgré les efforts du directeur du Manuel de convaincre du caractère idéologiquement neutre de sa démarche. La deuxième partie analyse le contenu du Manuel mettant l’accent non pas tellement sur «ce qui va bien » mais plutôt sur ce qui «va moins bien » en soulignant certaines négligences, faiblesses ou parti-pris du Manuel de Tallinn 2.0.Bannelier Karine. ‘Rien que la lex lata’ ? Étude critique du Manuel de Tallinn 2.0 sur le droit international applicable aux cyber-opérations. In: Annuaire français de droit international, volume 63, 2017. pp. 121-160

External Intervention Against ISIS and the Legal Basis of Consent

International audienc

Cyber Diligence: A Low-Intensity Due Diligence Principle for Low-Intensity Cyber Operations?

International audienc

Enjeu de la cyberguerre pour le principe de distinction

International audienc