
AI Compliance Requirements: Are You Allowed to Use Facial Recognition?

Shahan Zafar (@shahanz)

Shahan Zafar is the Marketing Lead at VIDIZMO, and an industry expert in video streaming, content management and AI.

The use of facial recognition and other AI technology in video surveillance is revolutionary for law enforcement agencies. You don’t need to go through hours of footage to look for one particular person. Through facial recognition and identification, you can jump to the exact spot in a video where the person appeared. However, there’s one challenge: compliance! Are law enforcement agencies allowed to use facial recognition, given that it infringes upon the privacy of citizens? If yes, then how and when can they use it?

The Carnegie Endowment showed through a survey that 75 out of 176 countries studied were actively using AI for video surveillance. AI allows them to analyze large amounts of recorded footage as well as analyze footage in real-time to reduce human error. Law enforcement agencies can track criminals, automatically detect crimes, and respond to them swiftly.

Compliance Requirements for Use of Facial Recognition Technology in US and EU

Law enforcement officers usually need to go through hours of recorded surveillance footage to identify a particular suspect and gather evidence. AI can help speed up this process and tell them exactly where the suspect appeared.


In the US, the use of AI facial recognition technology to save time in finding a suspect is allowed under the Facial Recognition Technology Warrant Act. Under this act, law enforcement officers need to obtain a warrant, with probable cause of suspected criminal activity. After obtaining a warrant, they can use facial recognition technology for only 30 days, after which they need to get the period extended.

However, law enforcement agencies need to be careful as the same act requires them to minimize the acquisition, retention, and dissemination of facial recognition data outside of the warrant’s purview. This means that facial recognition only needs to be run on the suspect and faces of other people occurring within the video need to be redacted.


In the EU, facial recognition technology is governed by GDPR. As per Article 9 of GDPR, facial recognition data is considered sensitive data, and processing such data is prohibited. However, there are certain special circumstances in which such data can be used, and one of them is “for the establishment, exercise or defense of legal claims”. Facial recognition data can also be processed for criminal offenses. This means that law enforcement agencies or lawyers can use such AI technology to look for a certain person among large amounts of footage.

Moreover, GDPR allows use of facial recognition if consent has been given by the person whose face is to be identified. However, consent under GDPR does not simply mean that the person has said “yes” to such usage. Pre-ticked boxes do not count as valid consent. The person also has the option to withdraw such consent at any point in time.

Lastly, under GDPR, organizations using facial recognition technology need to carry out a Data Protection Impact Assessment, where they identify and reduce risks related to the use of such technology. If this assessment is not done, then according to Article 83(4), organizations using AI facial recognition can be fined up to €10 million or 2% of the organization’s global turnover, whichever is higher.

Do Video Platforms Use AI Facial Recognition in a Compliant Manner?

There are many other compliances related to the use of AI technology that further complicate the matter. These include compliance regarding how data is stored and processed. Thankfully, there are advanced video platforms that allow organizations to use such technology without having to worry about compliances.

Panopto, Kaltura and VIDIZMO are examples of video platforms that allow you to host surveillance videos in a compliant manner. Panopto is hosted on AWS Cloud, which covers numerous compliances that include PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2 and much more. VIDIZMO is hosted on Azure Cloud, which covers more than 90 compliances in multiple geographies. VIDIZMO even provides facial recognition technology as a feature so organizations wouldn’t have to worry about procuring such technology from third-party providers.

The underlying benefit of using a video platform is that organizations do not need to worry about multiple compliances with regard to the storage and handling of data. The cloud providers do this for them. Organizations only need to obtain a warrant or explicit consent, and facial recognition technology can be used.

I hope this blog helped you understand the various compliances around facial recognition technology and how your organization can use such technology. You can read up more through the articles and acts linked in this blog.

