The Czech Foreign Police were ordered to cease operations of a facial recognition camera system at Prague’s Václav Havel Airport following a ruling by the Czech Office for Personal Data Protection (ÚOOÚ). The decision concluded that the continuous and indiscriminate scanning of individuals constituted illegal processing of sensitive biometric data.

The system, which had been in use since at least 2018 for the stated purpose of searching for wanted persons, was challenged in a 2022 complaint filed by the Czech non-governmental organization Iuridicum Remedium (IuRe), with support from the European Digital Rights (EDRi) network.

Ruling Finds No Legal Basis for Mass Surveillance

The investigation by the Czech Office for Personal Data Protection (ÚOOÚ) found that the police lacked a sufficient legal basis for the system’s operation. The authority determined that the constant collection of biometric data from every person passing through the camera’s view violated data protection principles under both the GDPR and the national Police Act. The indiscriminate nature of the surveillance was a key factor in the decision, as the system did not differentiate between suspects and the general public, processing data from thousands of people daily without their consent or a specific legal mandate.

A Precedent in Line with EU’s AI Act

The final order from the ÚOOÚ mandated the immediate shutdown of the facial recognition system. This decision is significant as it aligns with the principles established in the European Union’s AI Act, which prohibits the use of real-time remote biometric identification systems in publicly accessible spaces, subject to limited exceptions. The ruling against the Prague airport system serves as a concrete application of these privacy-protecting principles, halting a large-scale biometric surveillance program operated by state authorities.

Source: https://edri.org/our-work/czech-police-forced-to-turn-off-facial-recognition-cameras-at-the-prague-airport-thanks-to-the-ai-act/