Chapter 2 PROHIBITED ARTIFICIAL INTELLIGENCE PRACTICES Flashcards
Q: What AI practices are prohibited under the EU AI Act?
A: Prohibited AI practices include: subliminal or purposefully manipulative techniques that materially distort behavior and cause harm; exploiting vulnerabilities of persons to materially distort behavior and cause harm; social scoring by AI systems leading to detrimental treatment; AI risk assessments to predict criminal offenses based solely on profiling; creating facial recognition databases through untargeted scraping; inferring emotions in workplace/education except for medical/safety reasons; biometric categorization systems to infer sensitive attributes; and “real-time” remote biometric identification in public spaces by law enforcement (with exceptions).
Q: What are the exceptions allowing the use of “real-time” remote biometric identification by law enforcement in public spaces?
A: The exceptions are: targeted search for specific victims of abduction, trafficking, sexual exploitation or missing persons; prevention of specific, substantial and imminent threats to life/safety or genuine terrorist threats; locating/identifying suspects of serious crimes punishable by at least 4 years imprisonment. Strict necessity for the objective is required.
Q: What safeguards apply when law enforcement uses “real-time” remote biometric identification in public spaces under an exception?
A: Safeguards include: considering nature/seriousness of the situation and consequences for rights/freedoms; complying with necessary and proportionate limits on use under national law; completing a fundamental rights impact assessment; registering the system in an EU database; and obtaining prior authorization from a judicial or independent administrative authority (with an urgency procedure).
Q: What are the notification and reporting requirements for “real-time” remote biometric identification use by law enforcement?
A: Each use must be notified to the market surveillance and data protection authorities. Annual reports on such uses must be submitted by national authorities to the Commission, which will publish aggregated annual reports. Sensitive operational data is excluded from the reports.
Q: What are Member States allowed to do regarding the rules on “real-time” remote biometric identification use by law enforcement?
A: Member States may provide for the possibility to authorize such use within the limits and conditions of the EU AI Act. They must lay down detailed national rules on the authorizations and notify them to the Commission. Member States may also introduce more restrictive laws on the use of remote biometric identification systems.