Author: ReclaimYourFace

Today, 1^st of August at 23:59, our European Citizens Initiative comes to an end. However, our campaign carries on to influence EU leaders as they negotiate the AI Act.

We started the ECI in January 2021, calling for a new law that bans biometric mass surveillance. 18 months later, we are ready for reflections and for a celebration of all that we have achieved together.

We campaigned during a pandemic and worked with creative efforts to gather signatures while respecting privacy and protecting data. We adapted to the political reality and managed to influence EU’s negotiations. We built a coalition with 76 organisations from over 20 EU countries. We led national actions and we won.

Campaigning for privacy with privacy

Out of the 90 ECIs ever started, only 6 have been able to reach the threshold of 1 million signatories. All 6 used social media targeted advertising. In Reclaim Your Face we have a commitment to everyone’s privacy. Therefore, we gathered almost 80 thousand signatures without using any targeted social media advertisement (or as we call them, surveillance ads). Every single ECI signatory was reached directly by one of our partners or their supporters by sharing our posts, sending newsletters and collecting signatures in the streets.

A challenge? Yes. But organic reach gave us a great opportunity to have direct interactions with other organisations, a high level of engagement from our supporters, and quality conversations about biometric mass surveillance. In fact, all of these factors played out to make our petition the “most politically powerful ECI ever”, according to an insider part of the European Economic and Social Committee.

“Most politically powerful ECI ever”

Insider part of the European Economic and Social Committee.

This is how we did it:

Coalition building: Different voices across Europe

Reclaim Your Face aimed to have a diversity of voices represented in our call to ban biometric mass surveillance. We listened and worked especially with groups most affected by this exploitative practice.

We worked with LGBTQ+ advocates at AllOut, with football supporters association Fans Europe, with Roma and Sinti rights supporters at save space e.V. as well as Workers Union UNI Europa. Everyone- migrations organisations, privacy defenders, journalists, etc- united for one cause: banning biometric mass surveillance.

In total, we were joined by 76 organisations from 20 Member States – who represent over half a million supporters. Our coalition has been the backbone of our success.

Volunteers for paper signature collection

Once the pandemic allowed us to be present in offline spaces, we decided to organise a Bootcamp for those who wanted to help us gather signatures. We trained over 80 people from more than 7 countries on 3 topics: biometric mass surveillance issues, ECI data protection practices and offline engagement methods.

The new Reclaim Your Face volunteers collected signatures in their own cities and engaged with people in the streets, at universities, in parks and in other public spaces. Activists in Portugal, Italy, Germany, Czechia and Greece made time in their days to share their thoughts on biometric mass surveillance, inform other citizens about its’ incompatibility with human rights and collect paper signatures for our ECI.

Local national campaigns

Reclaim Your Face was decentralised, building communities in more than 6 countries that led national actions and successes. Among many, here are some of our national wins:

Germany

The campaign’s German movement led by EDRi members Chaos Computer Club (CCC), Digitale Gesellschaft and Digitalcourage worked with more than 16 organisations. They organised over 14 events and were part of social media stunts, Twitter storms, as well as offline peaceful manifestations. Almost 30,000 German citizens signed the campaign’s European Citizens’ Initiative, proving that people-powered action can create meaningful change.

• In May 2021, authorities dropped a project to establish a smart video surveillance system in the city centre of Karlsuhe after of Reclaim Your Face partner Chaos Computer Club’s chapter Karlsruhe complained. The plan involved an AI system that would analyse the behaviour of passers-by and automatically identify conspicuous behaviour. Previously, the exploitative biometric mass surveillance system was presented by authorities as “data protection compliant video surveillance”.
• In November 2021, the new German government announced their highly-anticipated coalition deal, includingthe strongest commitments seen so far in Europe to “rule … out” “biometric recognition in public”. They further called to “reject comprehensive video surveillance and the use of biometric recording for surveillance purposes”.

Italy

The Italian national campaign lead by Hermes Center, with more than 9 organisations in the coalition has coordinated many actions too, across almost 2 years.

• In May 2022, they organised a week of actions that included paper signature collection in Milan, Torino and Rome, presenting in an event about the temporary ban on facial recognition technology in public spaces in Italy and a field visit to the city of Como, the first city to implement facial recognition technology in their park in 2019 through an offer by Huawei. Their work was reflected in the Greens- European Free Alliance Group’s newly released mini-documentary (about the field trip to Como), and articles about the actions and results of Reclaim Your Face in Italy were published on national TV and radio station in the Czech Republic.
• In March 2022, after individuals (including Riccardo Coluccini) and Reclaim Your Face organisations (among them Hermes Centre for Transparency and Digital Human Rights and Privacy Network) filed a complaint against Clearview AI, Italian’s data privacy watchdog (Garante per la Protezione dei dati personali) fined Clearview AI the highest amount possible: 20 million Euros. The decision includes an order to erase the data relating to individuals in Italy and banned any further collection and processing of the data through the company’s facial recognition system.
• In September 2021 the Italian DPA fined €200 000 the Luigi Bocconi University for using Respondus, a proctoring software, without sufficiently informing students of the processing of their personal data and processing their biometric data without a legal basis.
• In April 2021, the Italian Data Protection Authority (DPA) rejected the SARI Real Time facial recognition system acquired by the Police and adopted moratorium on the use of facial recognition technologies in public spaces both by public and private actors.

Czechia

Leading organisation Iure has also organised many actions from creative work like comics and video clips, to paper signature collection days.

Two of the leading actions for Reclaim Your Face in Czechia has been the fight against biometric cameras at Prague airport and one of the seminars organised in the Chamber of Deputies where they talked about biometric cameras with police and political representatives.

Apart from this, in May 2022 in Prague, they spoke with people in the streets about biometric mass surveillance and its’ dangers for society. From April to July they also spoke and promote the campaign on five festivals and community screenings of their movie Digital Dissidents, which explores people that are critical to digital technologies.

Greece

Hellenic leading organisation of Reclaim Your Face, Homo Digitalis have also been active in Greece.

• In May 2022 they organised a paper signature collection in the streets of Athens.

• In July 2022, Homo Digitalis finally got an answer from the Hellenic Data Protection Authority. Following a complaint filed by Homo Digitalis in May 2021 representing their member and data subject Marina Zacharopoulou, the (HDPA) issued a decision imposing a fine of 20 million euros on Clearview AI for its intrusive practices.

Serbia

As a result of international pressure, in September 2021, a Draft Law on Internal Affairs, which contained provisions for legalising a massive biometric video surveillance system, was pulled from the further procedure. This was an amazing win for human rights and a result of Share Foundation’s national campaign Thousands of Cameras, a two-and-a-half year-long battle against smart cameras in Belgrade installed by the Ministry of Interior and supplied by Chinese tech giant Huawei.

Portugal

The Portuguese lead organisation in the Reclaim Your Face coalition D3 (Defesa Dos Direitos Digitais) led actions to raise awareness, as the Portuguese government proposed video surveillance and facial recognition law. Reclaim Your Face organisations and EDRi sent a letter to representatives of Portugal’s main political parties, supporting D3’s fight against biometric mass surveillance practices. Together, we urged politicians to reject this dystopian law. The proposal was later withdrawn.

EU level successes

In parallel with our work at the national level, we unite and coordinate EU-level actions.

• Before the AI Act law was proposed in April 2021, we communicated intensively about our ECI to Members of the EU Parliament. They supported our call for a ban, and united to ask the EU Commission to include a ban in the upcoming planned draft law.

• In April 2021, when the law was proposed, we managed to include in the draft a mention of a ban. While not enough, our success to put the topic on the political agenda was clear.

• In May 2021, a coalition of organisations (including noyb, Privacy International (PI), Hermes Center and Homo Digitalis) filed a series of submissions against Clearview AI, Inc. The complaints were submitted to data protection regulators in France, Austria, Italy, Greece and the United Kingdom. Some already had their decisions published fining Clearview AI while we are awaiting for others.

• In June 2021, the two most important regulators for ensuring people’s rights to privacy and data protection across the EU, the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) announced their formal call to ban biometric mass surveillance practices.

• In October 2021, we had a huge victory for human rights as the European Parliament voted to adopt a new report which calls to ban biometric mass surveillance. Although the report is not legally binding, it gave a strong indication of the Parliament’s position on the ‘Artificial Intelligence Act’.

• In fact, in May 2022 we could see the results of our actions. After meeting with key MEPs working on the EU’s AI Act proposal, delivering an open letter signed by 53 organisations and publishing multiple op-eds, both co-lead MEP on the AI Act announced their support for a ban. Dragos Tudorache (Renew) announced that he personally will table amendments for a more comprehensive ban on RBI in publicly-accessible spaces, calling RBI “clearly highly intrusive … in our privacy, our rights”.

Today we say goodbye to our European Citizens Initiative and are humbled by the tens of thousands of people who signed it.

However, Reclaim Your Face continues!

We envision a society in which no one is harmed by biometric mass surveillance. Such a society is only possible when biometric mass surveillance is banned by law and in practice. Together with our partners, we continue to fight for this a reality by advocating for an AI Act that puts people at its core.

This month we worked together on some specific actions to influence the Artificial Intelligence Act to include a ban on biometric mass surveillance and 53 organisations took part. This builds on the hard work of the whole Reclaim Your Face coalition over the last two years. Our actions have had amazing results, with even the co-lead MEP on the Artificial Intelligence Act committing to table amendments for a more comprehensive ban on RBI in publicly-accessible spaces!

Here is a snapshot of our joint actions last/this week:

• Reclaim Your Face organisations from Italy, Germany, France and Belgium met with key MEPs working on the EU’s AI Act proposal, including co-lead MEP Dragos Tudorache, co-lead MEP Brando Benifei, and MEP Birgit Sippel.

• 53 organisations signed our Reclaim Your Face open letter asking MEPs to protect fundamental rights in the AI Act by prohibiting all remote (i.e. generalised surveillance) uses of biometric identification (RBI) in publicly- accessible spaces.

We have five main demands to ban biometric mass surveillance in the AI Act:

1. Extending the scope of the prohibition to cover all private as well as public actors;
2. Ensuring that all uses of RBI (whether real-time or post) in publicly- accessible spaces are included in the prohibition;
3. Deleting the exceptions to the prohibition, which independent human rights assessments confirm do not meet existing EU fundamental rights standards;
4. Putting a stop to discriminatory or manipulative forms of biometric categorisation; and
5. Properly addressing the risks of emotion recognition.

Our demands were published in various EU Policy outlets and France.

Our tireless actions to call for a Ban on Biometric Mass Surveillance in the Artificial Intelligence Act have had amazing results so far!

Following our meeting, the co-lead MEP on the AI Act, Dragos Tudorache (Renew) announced that he personally will table amendments for a more comprehensive ban on RBI in publicly-accessible spaces, calling RBI “clearly highly intrusive … in our privacy, our rights”.

This is the result of hearing the views of his colleagues in a majority of the Parliament’s political groups – with several lead MEPs committing publicly to submitting amendments for a full ban on biometric mass surveillance in the AI Act – and suggesting the big influence of the calls of the dozens of organisations and 71,000 people behind Reclaim Your Face’s European Citizens Initiative.

However, we have not won – yet. There will still be many months of negotiations in the AI Act.

You can support Reclaim Your Face individually by signing our ECI, and as an organisation by getting in contact with us so we can explore paths of collaboration.

Thank you to all our partners and supporters for making this possible! The response to our actions suggests that there is clear a majority in the Parliament supporting our call.

The EU is currently negotiating the Artificial Intelligence (AI) Act. This future law offers the chance to effectively ban biometric mass surveillance. This article aims to offer an overview of how the EU negotiates its laws and the key AI Act moments in which people can make their voices heard.

Two months after Reclaim Your Face launched our European Citizens’ Initiative (February 2021), the EU proposed a new law: the AI Act. In April 2021, the draft law included a ban on some forms of biometric surveillance. Despite its shortcomings, the mere mention of the word “prohibit” in the draft law was a huge success for our campaign.

The AI Act draft showed that, if it wants, the EU has the power to truly ban biometric mass surveillance practices. As a result, we decided that the negotiations around this law will be crucial to make our Reclaim Your Face campaign demands real.

Most importantly, it showed that the calls launched by tens of thousands of people and civil society organisations across Europe since October 2020 have had a real impact.

How are EU laws negotiated?

The process of EU law-making can be difficult to grasp. The graphic below explains the role of the European Commission, the negotiations between the European Parliament and the Council of the EU, as well as the different actions we took/take during these steps. 

As you can see, the European Commission (EC) is the body that proposes a new EU law. After preparatory work, the EC writes up a draft, publishes and sends it to the Parliament and the Council. Both the Parliament and the Council debate internally. As a result, each of them will form a position on the EC draft. Next, they meet – together with the EC – in a negotiation step called ‘trilogues’. Unfortunately, trilogues are notorious for their opacity and lack of opportunities for public scrutiny. 

If you want to know more about where EU legislative and non-legislative Proposals come from, check EDRi’s Activist Guide to the Brussels Maze.

The role of the Parliament is crucial

The European Parliament is the only directly-elected EU body. For this reason, it is probably the body that most takes into account people’s voices. Influencing the opinion of the Parliament – before the trilogues start – is therefore a key component of civil society’s work on EU laws.

The European Parliament is formed of 705 Members (MEPs) from all 27 EU Member States. Most MEPs are also part of Parliament Committees. The Committees have a crucial role in forming the Parliament’s position.

One or more Committees are assigned to write a report that forms the basis of the entire European Parliament’s position. The AI Act is handled jointly in the Parliament by two Committees: LIBE (Civil Liberties, Justice and Home Affairs) and IMCO (Internal Markets and Consumer Protection). 

Each Committee has a Rapporteur (overall lead) and several Shadow Rapporteurs (lead for their political group). The important thing to remember is that these MEPs are all key players in shaping the report of the Parliament on the AI Act. They may also be influenced by other MEPs in their Committee(s), who can suggest changes to the draft report (“amendments”) as well as the heads of their political group. See more below.

When can people strategically influence the negotiations on the AI Act?

During the negotiations of the lead committees

he lead committees in the Parliament (IMCO and LIBE) are working on their report on the AI Act up until October 2022. This means that already we should raise awareness of our work and our demands to MEPs in those two committees. What are some crucial steps of the negotiation around the LIBE–IMCO Committee report?

First, the lead Rapporteurs Benifei and Tudorache publish an IMCO–LIBE draft report (expected April 2022) which represents the parts of the position on which they could agree. Afterwards, the other MEPs in IMCO and LIBE can propose amendments to this draft report, including the areas that need more democratic scrutiny. The tabling of amendments is expected to happen until 18 May 2022.

The amendments are then negotiated among a selected number of MEPs in the LIBE-IMCO committees (the Rapporteurs and Shadow Rapporteurs), and agreed upon by coming up with compromises. The negotiations around these amendments and the agreement on a compromise text for the LIBE–IMCO report are expected to happen between May and October 2022.

After lead committees conclude their report, and just before the Plenary vote

Once out of committee negotiations, this joint IMCO–LIBE report will be presented to the full Parliament, known as the Plenary. When the report is presented to the Plenary, there is also an opportunity for last-minute amendments to the committees’ report to be put forward. This tabling of amendments before the Plenary vote is yet another moment in which MEPs may introduce protections for people against biometric mass surveillance. 

After any final amendments to the IMCO–LIBE report are voted on, all 705 MEPs will vote on whether or not to accept this final version of the IMCO–LIBE report as the Parliament’s position. Currently, the 705 MEPs are scheduled to vote on the final report in November 2022.

In parallel, the Council of Member States is currently trying to make the in-principle ban on biometric surveillance from the Commission‘s draft weaker and more narrow. If the Parliament agrees on the need for a full ban on biometric mass surveillance practices, we have a chance to fight back against the Council’s proposal.

Supporters of Reclaim Your Face can play an important role in the negotiations of the EU’s Artificial Intelligence Act. Are you ready for bold, strategic and direct action? Subscribe to EDRi’s mailing list to be kept in the loop and follow our social media channels.

Clearview AI describes itself as ‘The World’s Largest Facial Network’. However, a quick search online would reveal that the company has been involved in several scandals, covering the front page of many publications for all the wrong reasons. In fact, since New York Times broke the story about Clearview AI in 2020, the company has been constantly criticised by activists, politicians, and data protection authorities around the world. Read below a summary of the many actions taken against the company that hoarded 10 billion images of our faces.

How did Clearview AI build a database of 10 billion images?

Clearview AI gathers data automatically, through a process called (social media) online scraping. The specific way Clearview AI gathers its data enables biometric mass surveillance, being a practice also adopted by actors such as PimsEyes among others.

The company scrapes the pictures of our faces from the entire internet – including social media applications – and stores them on its servers. Following the gathering and storage of data through online scraping, Clearview AI managed to create a database of 10 BILLION images. Now, the company uses an algorithm that matches a given face to all the faces in its 10B database: (virtually) everyone and anyone.

Creepily enough, this database can be available to any company, law enforcement agency and government that can pay for access. 

This will go on, as long as we don’t put a stop to Clearview AI and its peers. Reclaim Your Face partners and other organisations have taken several actions to limit Clearview AI in France, Italy, Germany, Belgium, Sweden, the United Kingdom, Australia and Canada.

In several EU countries many activists, Data Protection Authorities and watchdogs took action.

In May 2021, a coalition of organisations (including noyb, Privacy International (PI), Hermes Center and Homo Digitalis) filed a series of submissions against Clearview AI, Inc. The complaints were submitted to data protection regulators in France, Austria, Italy, Greece and the United Kingdom.

Here are some of the Data Protection Authorities and watchdogs’ decisions:

France

Following Reclaim Your Face Partner’s Privacy International and individual complaints about Clearview AI’s facial recognition software, the French data protection authority (‘CNIL’) decided in December 2021 that Clearview AI should cease collecting and using data from data subjects in France.

Italy

After individuals (including Riccardo Coluccini) and Reclaim Your Face organisations (among them Hermes Centre for Transparency and Digital Human Rights and Privacy Network) filed a complaint against Clearview AI, Italian’s data privacy watchdog (Garante per la Protezione dei dati personali) fined Clearview AI the highest amount possible: 20 million Euros. The decision includes an order to erase the data relating to individuals in Italy and banned any further collection and processing of the data through the company’s facial recognition system.

Germany

Following an individual complaint from Reclaim Your Face activist Matthias Marx, the Hamburg Data Protection Agency ordered Clearview to delete the mathematical hash representing a user’s profile. As a result, the Hamburg DPA deemed Clearview AI’s biometric photo database illegal in the EU. However, Clearview AI has only deleted Matthias Marx’s data and the DPA’s case is not yet closed.

Belgium

While the use of this software has never been legal in Belgium and after denying its deployment, the Ministry of the Interior confirmed in October 2021 that the Belgian Federal Police used the services of Clearview AI. This was derived from a trial period the company provided to the Europol Task Force on Victim Identification. Albeit admitting the use, the Ministry of Interior also confirmed and emphasized that Belgian law does not allow this. This was later confirmed by the Belgian police watchdog ruling that stated its use was unlawful.

Sweden

In February 2021, the Swedish data protection authority (IMY), decided that a Swedish local police’s use of Clearview’s technology involved unlawfully processed biometric data for facial recognition. The DPA also pointed the Police failed to conduct a data protection impact assessment. As such, the authority fined the local police authority €250,000 and ordered to inform people whose personal data was sent to the company.

Clearview AI is in trouble outside of the European Union too

United Kingdom 

On 27 May 2021, Privacy International (PI) filed complaints against Clearview AI with the UK’s independent regulator for data protection and information rights law and Information Commissioner’s Office (ICO). Jointly with OAIC, which regulates the Australian Privacy Act, conducted a joint investigation on Clearview AI from 2020. Last year, ICO announced its provisional intent to impose a potential fine of over £17 million based on Clearview’s failure to comply with UK data protection laws.

In May 2022, ICO issued a fine to Clearview AI Inc of £7,552,800 and an enforcement notice, ordering the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet, and to delete the data of UK residents from its systems.

Australia 

On the other hand, OAIC has reached a decision and ordered the company to stop collecting facial biometrics and biometric templates from people in Australian territory; and to destroy all existing images and templates that it holds. 

Canada 

Canadian authorities were unequivocal in ruling that Clearview AI was a violation of their citizen’s right to privacy, and furthermore, that this use constitutes mass surveillance. Their statement highlights the clear link between ClearviewAI and biometric mass surveillance and assumes that all citizens are suspects of crime. 

War and Clearview AI

In an already distressing war context, Ukraine’s defence ministry is using Clearview AI’s facial recognition technology for allegedly vetting people at checkpoints, unmasking Russian assailants, combating misinformation and identifying the dead.

It is deeply worrying that Clearview AI’s technologies are reportedly being used in warfare. What happens when Clearview AI decides to offer its services to military forces with whom we disagree? What does this say about the geopolitical power we allow – as a society – for surveillance of private actors? By allowing Clearview AI into military operations, we are opening Pandora’s box for technologies that have been ruled incompatible with people’s rights and freedoms to be deployed into a situation of literal life-or-death. Clearview AI’s systems show documented racial bias and have facilitated several traumatic wrongful arrests of innocent people around the world. Even a system that is highly accurate in lab conditions will not perform as accurately in a war zone. This can lead to fatal results.

Clearview AI mocks national data protection authorities. We must act united! The EU must step up and use the AI Act to end the mocking of people’s rights and dignity.

Pressure is mounting, but Clearview AI is not stepping down. Instead, the company started as a service for law enforcement uses only, but is now telling investors they are extending towards the monitoring of gig workers – among others.

All the data protection authorities mentioned above have strong arguments to justify their decisions. In response to fines, Clearview AI’s CEO issues statements that mock all the fines national authorities issue. 

National agencies and watchdogs cannot reign in Clearview AI alone. The EU must step in and ensure Clearview AI does not also mock the fundamental nature of human rights. 

Reclaim Your Face campaigns to stop Clearview AI and any other uses of technology that create biometric mass surveillance. 

Further readings:

• CNIL decision France: https://www.cnil.fr/sites/default/files/atoms/files/decision_ndeg_med_2021-134.pdf
• SA decision Italy: https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/9751362
• Statement by Canadian privacy watchdog: https://www.priv.gc.ca/en/opc-news/news-and-announcements/2021/nr-c_210203/?=february-2-2021
• Australian privacy regulator decision: https://www.oaic.gov.au/__data/assets/pdf_file/0016/11284/Commissioner-initiated-investigation-into-Clearview-AI,-Inc.-Privacy-2021-AICmr-54-14-October-2021.pdf
• IMY decision (in Swedish only): https://www.imy.se/globalassets/dokument/beslut/beslut-tillsyn-polismyndigheten-cvai.pdf
• Hamburg’s DPA decision (in German only): https://noyb.eu/sites/default/files/2021-01/545_2020_Anh%C3%B6rung_CVAI_ENG_Redacted.PDF