The opinion of the Guarantor for the protection of personal data on the use of the Sari Real Time system by the Ministry of the Interior is not favorable . The system, in addition to being without a legal basis that legitimizes the automated processing of biometric data for facial recognition for security purposes, would create a form of indiscriminate / mass surveillance as it is designed.
The system submitted to the Authority’s examination and not yet active allows, through a series of cameras installed in a specific geographical area, to analyze the faces of the subjects in real time, comparing them with a predefined database (called “watch-list “), which can contain up to 10,000 faces.
If, through a facial recognition algorithm, a correspondence is found between a face present in the watch-list and a face recorded by one of the cameras, the system is able to generate an alert that draws the attention of the Police Forces operators. The system, designed and developed as a mobile solution, can be installed directly at the place where the need arises to have a facial recognition technology to assist the Police Forces in the management of order and public safety, or in relation to specific needs of the Judicial Police. The system also allows you to record the images taken by the cameras, performing a video surveillance function.
The Guarantor, in line with the provisions of the Council of Europe, considers the use of facial recognition technologies for the purpose of preventing and repressing crimes to be extremely delicate. It should be considered, in particular, – affirms the Guarantor – that Sari Real Time would carry out a large-scale automated processing that can also concern people present at political and social events, who are not the object of “attention” by the police. And even if in the impact assessment presented the Ministry explains that the images would be immediately deleted, the identification of a person would be achieved through the processing of the biometric data of all those present in the monitored space, in order to generate models comparable with those of the subjects included in the “watch-list”. This would lead to an evolution in the very nature of surveillance activity, which would mark a transition from targeted surveillance of certain individuals to the possibility of universal surveillance.
It is precisely because of their strong interference with the private life of individuals that the privacy legislation establishes strict precautions for the processing of biometric data and for particular categories of data (for example, those suitable for revealing political, trade union, religious opinions , sexual orientations), which must find justification on an adequate normative basis. Regulatory basis that was not found in the documentation provided by the Ministry of the Interior.
According to the Guarantor, an adequate regulatory basis should take into account all the rights and freedoms involved and define the situations in which the use of such systems is possible, without leaving a wide discretion to those who use it. This also applies to fundamental aspects of the use of the facial recognition technique, such as the identification criteria of the subjects that can be included in the watchlist, the consequences in the event of false positives or the full adequacy of the system towards people belonging to ethnic minorities. .
Rome, April 16, 2021
Source: The Italian Data Protection Authority
Related Document: