Tech News: GDPR

Tech News: GDPR

Published on 12/09/2022

Topic #1: GDPR, fines, and child data protection

It has been four years since GDPR came into force in all 27 EU states, and it has been two years since our last update on it. The topic remains at the centre of many reflexions regarding the uses of the Internet, anonymity of users, and malevolent data exploitation.

The main weapons of the European regulators, fines, recently got some attention with the European Data Protection Board publishing proposals for a harmonized methodology, here is the 5-step process that could be used:

  • Step 1: Verifying the number of violations committed
  • Step 2: Establishing the minimum value of the fine
  • Step 3: Checking for aggravating or mitigating circumstances
  • Step 4: Comparing the fine amount with the legal maximum
  • Step 5: Final assessment and follow up regarding the efficiency, dissuasiveness, and proportionality of the fine

That said, creating new processes will not change the fact that fines have been historically growing at a steep pace, from €440k in 2018 to €1,1bn in 2021, which is a 200,000% increase.
But the growth is coming from the value of unique fines, such as the €746m fine Amazon faced in 2021 after facing charges of tracking user data without acquiring appropriate consent from users or providing the means to opt out from this tracking.

Last week it was Meta who was struck through Instagram. The firm was fined €405m on charges of mishandling children’s data.
These policies, and the fine that came along with them, make a fine reminder of the EU strict philosophy regarding its sovereignty and the sovereignty of its people. If concerns were raised about the potential withdrawal of some American social media platforms from Europe, only the future will tell us what comes of it.

Topic #2: I can see you now! The exciting world of facial recognition

Let’s first look back on History, facial recognition experiences began at the end of the 1960s when a research team led by Woodraw W Bledsoe tried to figure out whether a computer (then called “programming computer”) could recognize faces. However, this first experiment was not successful. And the step was high: computers find it harder to recognize a face than to beat a Grandmaster at chess. But with camera technology progress, machine learning, mapping processes, and hardware improvement, the technology came to life.

Now you need not confuse facial recognition with face detection
, as the latter is “simply” when a system can establish that a face is present. Facial recognition is much more complex and rely on five key technologies:

  • 3D modelling: the usage of photographic data to create a “map” of the face. It is precise enough to capture bone structure, curves around the eye, age, and creates a data set of several thousand point. The integration of 3D allows to ignore most lightning conditions issues faces by 2D models
  • Infrared cameras: it allows the camera to capture 3D photographic data, and this is the technology used by most smartphones
  • Deep learning, AI and neural networks: it is not innate for a computer to recognize faces, the introduction of deep learning allows the computer to “train” itself using data given to him. In order to “train” properly, the computer will obviously need a complete and exhaustive dataset to face any possible situation it can encounter
  • Surface texture analysis: the system captures a “skinprint”, which allows for scanning the skin at the level of pores and texture and translate it into data. It helps make facial recognition up to 30% more accurate, and it also make sure the computer is not identifying a picture of someone else’s face
  • Secure enclave: the data gathered in the facial recognition process is encrypted and stored in a local “secure enclave”, which means everything happens on the device and is not stored on the cloud

But even if the technology is an amazing showcase of technological advancement, it is possible to be skeptical regarding the uses of it. In 2011, Facebook launched a free face recognition service, which was heavily criticized regarding the right to privacy and right to be forgotten and was closed only a year later. In China, facial recognition is the baseline of the social credit system (which was generalized to all of mainland China in 2020) and is also regarded by human right associations as an early-stage Orwellian system.

On the other side, facial recognition can be used for security purpose, restricting some people from accessing critical infrastructures, checking the identity of people boarding a plane or entering a country for example.
It can also secure your bank account or payment information, as the technology is getting more and more secure.