Facial recognition and artificial intelligence work together to create a safety technology that is increasingly popular in many sectors and even in our daily lives. But how does facial recognition work and what are its pros and cons?
WHAT IS FACIAL RECOGNITION?
Today we are well aware of the close relationship between facial recognition and artificial intelligence. Facial recognition is certainly among the most innovative and revolutionary technological inventions of our time, it is a biometric technique that serves to uniquely identify a person on the basis of his/her facial contours.
Among the most popular facial recognition techniques are generalised facial recognition and adaptive regional facial recognition, which work on the basis of the different nodal points of a human face and help in identifying the person.
Artificial intelligence helps facial recognition because it is a form of intelligence typical of a smart system, which is created by trying to recreate a “human” intelligence mixed with the features of machines intelligence.
How does a facial recognition software work and what are its technologies?
Generally, facial recognition software is based on non-quality 2D images, i.e. flat images of the face that do not provide valid identification characteristics. Using a 2D image, a device is not able to recognize the length of the nose or the prominence of the forehead, but is based on brightness. In fact, facial recognition is unreliable in low light conditions.
Il riconoscimento facciale 3D
3D technology can solve the problem. 3D facial recognition is achieved through a technique called “lidar”. Face scan devices cast a laser pulse onto the face, which is filmed by an IR camera within the device. In this way the tool calculates how long it takes the IR light to bounce from the face to the device.
It uses this information to create a unique depth map of the entire face, to increase the accuracy of the software and decrease the possibility of error.
The thermal imaging camera for facial recognition
By using a thermographic camera that does not emit IR light but detects that emitted by objects, it is possible to detect also subtle differences in temperature. There are several ways to identify a face using the thermal imaging camera, but these are incredibly complicated techniques. Let’s see together why they are so complicated:
All types of facial recognition on the market
Let’s figure out how facial recognition works, and also the many facial recognition apps on the market today, with the three applications listed below:
THE PROBLEMS WITH FACIAL RECOGNITION
Australia is the country that most of all makes massive use of facial recognition. Starting from the photo taken to obtain a driving license or to issue / renew the passport. A federal bill allows government agencies and private companies to use documents uploaded to the national database for facial recognition. Such a measure should decrease identity theft.
On the other hand, those who obtain the passport sign a form to authorise the use of the photos for biometric correspondence. For “privacy advocates” the benefits of this system do not justify intrusion into people’s private lives. The highly invasive method for facial data collection also includes video surveillance.
THE GDPR FOR FACIAL RECOGNITION
The GDPR is the set of rules for regulating the use of facial recognition and massive biometrics. Here are the law articles related to it:
To legally process biometric data, it is necessary to use one of the legal bases provided for Art. 9.2, or the explicit consent of the interested party.
Consent for the processing of personal data
Explicit consent for the processing of personal data is required in certain circumstances in which serious data protection risks arise, such as in the case of facial recognition. To obtain consent, an explicit unequivocal declaration by the interested party is needed, perhaps in the form of a written declaration signed by the interested party.
In the online context, the interested party can give consent via an electronic form via e-mail or by using an electronic signature. Obviously, the interested partis can withdraw their consent at any time, without prejudice to the validity of the consent before the revocation.
The Impact Assessment
Impact Assessment is essential to reduce the risk of disclosure of personal data in facial recognition. It is an independent evaluation made by the Data Controller to analyse the need and risks of the treatment itself. It is mandatory in these cases:
To determine if a treatment is carried out on a large scale, reference must be made to the number of interested subjects, the volume and type of data, the duration and geographic scope of the treatment activity.
The Impact Assessment must contain the following documents:
How to guarantee the security of personal data
To protect data online and digitally, they need to be completely anonymous, for example by removing the name before they are recorded in a database. The data anonymisation software creates a high level of security, but alternatively there is pseudonymisation. It is a technique that prevents data from being attributed to a specific person without the use of additional information, stored separately and subject to technical guarantee measures.
Among the measures adopted by the GDPR there are:
Privacy and facial recognition
The Swedish privacy authority has sanctioned a high school for having implemented one of the most original systems for biometric recognition by using it to record the presence of students with facial recognition technology. The presence of students was captured and recorded through smart cameras, to automate daily operations and save the customary 10 minutes, as well as around 18k per year.
The biometric data were collected by the cameras in the form of photographs of the students’ faces and stored on a computer without an internet connection. Explicit consent was collected from the student’s legal representatives, but nevertheless no DPIA or consultation was carried out. This is the reasons why, according to the Stockholm privacy authority, the school has violated some articles of the GDPR.