Navigating Regulatory Challenges in Soft Biometric Technologies

  • Panel
  • Maritime
  • Friday 23.05 — 10:30 - 11:45

Organising Institution

Autoriteit Persoonsgegevens (Dutch DPA)

Netherlands

The Autoriteit Persoonsgegevens (AP) is the Dutch Data Protection Authority (DPA). The Dutch Data Protection Authority is the independent regulator in the Netherlands that supervises the processing of personal data. The tasks and powers of the Dutch DPA follow from the General Data Protection Regulation (GDPR), the Dutch Implementation Act of the GDPR, the Police Data Act, the Judicial Information and Criminal Records Act, the Electoral Act, and the Personal Records Database Act. The AP is also the national coordinating supervisor on algorithms and AI to contribute to more responsible use of of AI and algorithms in The Netherlands and is preparing for joint oversight on the AI Act.
  • Academic 2
  • Business 2
  • Policy 2
The use of biometric technologies is becoming increasingly normalized. The adoption of “soft biometrics” has grown significantly in recent years. Unlike traditional biometrics, such as fingerprints or facial recognition, soft biometrics often lack the distinctiveness to identify individuals but are used to categorize people based on physical or behavioral traits. Increasingly, public spaces deploy these technologies to detect potential incidents like theft, violence or other unwanted activities. Soft biometrics raise urgent regulatory challenges. As these technologies become normalized, what risks arise from their use in public spaces? How should Data Protection Authorities (DPAs) tackle this phenomenon? What legal tools do DPAs have at their disposal to adequately address these challenges? Together with civil society and academia, the Dutch DPA will explore these questions during this panel.

Questions to be answered

  1. What data protection and fundamental rights risks are associated with the use of soft biometrics in public spaces, and what ethical and legal concerns do they raise?
  2. In what ways can the GDPR be strategically leveraged to mitigate these risks?
  3. What other legal tools, frameworks or approaches are available to DPAs to effectively respond to the challenges posed by emerging technologies as such?
  4. How can DPAs effectively collaborate with civil society and academia to address these issues and foster public awareness?

Speaker

Oyidiya Oji

European Network Against Racism (ENAR) - Belgium

Oyidiya Oji is a Policy and Advocacy Advisor for Digital Rights at the European Network Against Racism (ENAR). She focuses on advocacy on the AI Act and related digital rights portfolios. She defends a transversal and sustainable relationship with EU institutions with a racial equality lens. Previously, she researched and mapped projects of resistance and reappropriation of technology, with a special focus on AI. She was also part of artivism and digital community building collectives and organised monthly meetings with people from underrepresented backgrounds in tech from across the globe.