The artificial intelligence law that the European Commission has been shaping since 2020 finally officially entered into force on August 1st. The law, which was approved by all EU member states in May, established a framework for artificial intelligence applications throughout Europe. Among the articles published in Eur-Lex, the EU’s legal institution, the most striking ones are the regulations regarding individuals’ biometric data. The regulations regarding the data in question are comprehensively described between Articles 14 and 18 of the law. The law includes warnings regarding the use of biometric data only for identity verification purposes in a digital environment and to secure data related to individuals’ private lives.
BIG SANCTION
However, the “high risk” category in the regulation and the warnings listed in five articles raise doubts about the extent to which the misuse of biometric data can be prevented. In fact, the artificial intelligence constitution takes a risk-based approach and imposes sanctions on applications depending on the level of risk. Strict obligations are foreseen for “high-risk” applications.
PAY ATTENTION TO EMOTION RECOGNITION
In the high-risk category, there are medical devices, credit decision systems, education scoring and remote biometric identification systems. Biometric recognition includes social scoring systems that categorize citizens according to data analysis and emotion recognition technologies. This situation is stated in Article 14 of the law as “Biometric data may enable the verification, identification or categorization of the identity of natural persons and the recognition of the emotions of natural persons. It is included with the expressions.
HEARTBEAT WILL BE DETECTED
Article 15 of the regulation includes the following limitations on what can be considered biometric data: “The concept of ‘biometric identification’ mentioned in this regulation should be defined as the automatic recognition of physical, physiological and behavioral human characteristics such as face, eye movement, body shape, voice, prosody, gait, posture, heart rate, blood pressure, odor, keystroke characteristics, by comparing the identity of the individual with biometric data stored in a reference database.”
WITH OR WITHOUT CONSENT!
Article 15 defines biometric verification without the need for the individual’s consent as follows: “It is intended to be used for biometric verification, including identity verification, and for the sole purpose of confirming that a specific natural person is who he claims to be and confirming the identity of a natural person for the sole purpose of accessing a service, unlocking a device or providing secure access to facilities… Such specific categories may relate to aspects such as gender, age, hair color, eye color, tattoos, behavioral or personality traits, language, religion, membership in a national minority, sexual or political orientation.“
FEELINGS CAN BE RECOGNIZED
Emotion recognition systems included in the scope of biometric data are also defined as follows: “The concept of ’emotion recognition system’ referred to in the regulation should be defined as an artificial intelligence system for the purpose of determining or inferring the emotions or intentions of real persons on the basis of their biometric data. The concept expresses emotions or intentions such as happiness, sadness, anger, surprise, disgust, embarrassment, excitement, shame, humiliation, satisfaction and amusement.“
FULL IMPLEMENTATION IN 2026
It was stated that all articles in the European Union’s artificial intelligence law will gradually come into force by 2026. In the statements made, it was stated that the restrictions on general-purpose systems will not be applied until 12 months after the artificial intelligence law comes into force. It was announced that bans on artificial intelligence systems considered to be high-risk will be implemented after six months.
(email protected)