“The RGPD was not designed for facial recognition or data mining”: three years later, Europe is already asking to renew it
It arrived in May 2018 and since then, the General Data Protection Regulation (RGPD) has served to impose more than 270 million euros of fines for non-compliance. But the world is going very fast. Not even three years have passed since Alex Voss, one of the fathers of the GDPR, is already openly talking about the need for “some kind of surgery.”
In statements to Financial Times, the German lawyer, politician and an important voice in the European Commission for his role in the RGPD, Privacy Shield o la copyright reform, has explained that the European Data Protection regulation needs to be revised, not only because of the pandemic and teleworking, but also because of the emergence of a large number of new technologies.
Facial recognition calls into question the entire European data regulation
“We must be aware that GDPR is not made for blockchain, voice or facial recognition, text and data mining, or artificial intelligence“Voss says.” We cannot adhere to principles established in the 1980s that do not reflect the new situation in which we live. ”
The renowned politician points to the difficulties of the RGPD in the protection of individuals in their homes, mainly in cases of teleworking. For this reason, he believes that Europe should “review the regulation in detail”.
Facial recognition is named as one of the problematic technologies. Y it is not the first major European office to point to him. In February 2020, Margrethe Vestager, Commissioner for Competition of the European Commission, explained that “as it is right now”, facial recognition did not fit into the regulation.
„Reclaim your face“ started a petition on ban of #FacialRecognition. A complete ban is not helpful, ie when it comes to identifying criminals. Of course, such use needs strong safeguards and prevent any form of #masssurveillance. @EU_Commission will propose #AI rules on 21/04.
– Axel Voss MdEP (@AxelVossMdEP) February 18, 2021
On the contrary, Sophie in’t Veld, a Dutch MP who also worked with the GDPR, explains to FT that it was worked for five years in the RGPD and that “the idea that we have overlooked something is not plausible. The GDPR is also very general legislation that leaves a lot of flexibility for implementation.”
In response to Engadget, Jorge Morell Ramos, specialized in Internet Law for Business and a consultant at Legaltech, believes that “adjustments and clarifications are required, such as those raised last year with its first review two years after its application.” In relation to technologies such as blockchain, he acknowledges that “it does not get on quite well.”
However, for the rest of the technologies named as facial recognition or data mining, remember that they already existed when the standard was created and he does not believe that they pose “a great obstacle”. “A different question is that they want to reform the rule to change the approach, make it more flexible and less guaranteeing”, Morell explains.
Sergio Carrasco, Balearic lawyer expert in blockchain, AI and privacy, points out that a renewal of the General Data Protection Regulation is not necessary: ”these technologies comply with the regulation.
“The problem is that an adequate initial work is not done to guarantee the principle of privacy by design and by default. For example, exposing all data to the blockchain as it is may not be the best option, that is why there are offchain solutions , leaving identifiers in the chain, “explains Carrasco, who believes that” revisions may be made, as is the case with other standards. “
Image | Vodafone Institute