FRT and Access to Public Services: What Acceptable Uses in Smart Cities?

Digital technologies are the backbone of the smart city, where local governments rely on diversified solutions to make public services more accessible and efficient. Facial recognition technologies (FRT) are also a popular option to regulate access to public services. However, using FRT in this domain raises many privacy and data protection issues, for example, in terms of the legitimate legal basis and proportionality of the processing. Against this background, this chapter aims to assess what are the legitimate uses of FRT to access public services in smart cities. Preliminary, existing applications of the technology are mapped and categorized. In public service provision, FRT contribute to the efficiency of a service (i.e., by improving crowd flows) or detecting irregularities (i.e., violations of public facility rules). The legitimacy of such implementations is assessed against two of the legal bases for biometric processing under the EU General Data Protection Regulation (GDPR): consent (Article 9(2)(a) GDPR) and public interest (Article 9(2)(g) GDPR). In particular, firstly, I examine to which extent consent can legitimize FRT use for accessing public services and assess the role of the proportionality test in such processing vis-à-vis the determinations of data subjects. Secondly, I analyze if the employment of FRT to control the regular access to and use of services complies with proportionality, in light of data subjects’ expectations of privacy in public venues. In conclusion, I summarise the findings of the legal analysis.