Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Surveilling the Surveillance: Ensuring an Effective Protection of Fundamental Rights when Using Real-time Remote Biometric Identification in EU Member States after the AI Act

Walde, Frida LU (2025) JURM02 20251
Department of Law
Faculty of Law
Abstract
As artificial intelligence (AI) develops, it is applied in an increasing number of fields of society. One of the uses to which AI is put today is in real-time remote biometric identification technology (RBI). RBI refers to automated processes used to identify an individual in a group of others by analysing and quantifying their characteristics. The identification is conducted from afar, often without the involvement, knowledge, or consent of the affected persons.
The use of real-time RBI is highly controversial due to its adverse impacts on fundamental rights. Pursuant to Article 5(1)(h) of the EU’s AI Act, the use of the technology is therefore generally prohibited in publicly accessible spaces for the purpose of law enforcement.... (More)
As artificial intelligence (AI) develops, it is applied in an increasing number of fields of society. One of the uses to which AI is put today is in real-time remote biometric identification technology (RBI). RBI refers to automated processes used to identify an individual in a group of others by analysing and quantifying their characteristics. The identification is conducted from afar, often without the involvement, knowledge, or consent of the affected persons.
The use of real-time RBI is highly controversial due to its adverse impacts on fundamental rights. Pursuant to Article 5(1)(h) of the EU’s AI Act, the use of the technology is therefore generally prohibited in publicly accessible spaces for the purpose of law enforcement. However, the use is allowed for three specific objectives, subject to a number of safeguards. If a Member State wants to use RBI for any of these objectives, it must lay down explicit rules for its use in its domestic law.

As this thesis is written, Member States across the EU are designing domestic legislation necessary to allow the use of real-time RBI. Against that background, the purpose of this thesis is to analyse how the Act’s safeguards relating to the use of real-time RBI can be interpreted and implemented by Member States, which opt to allow it in their domestic law, in order to ensure an effective protection of fundamental rights. This is done by analysing, partly, the interplay between the AI Act and the EU fundamental rights framework, partly how the use of real-time RBI can affect fundamental rights, and partly the prohibition and the safeguards stipulated for exploiting its exceptions. The thesis applies an EU legal method, which takes as its starting point that ensuring a ‘high level’ of fundamental rights is one of the AI Act’s explicit aims. In addition, the thesis is inspired by Ronald Dworkin’s argument that the law must be interpreted in its ‘best light’. For this thesis, this entails that the AI Act must be interpreted so that it achieves an effective protection, or gives room for such protection, of fundamental rights.

It is submitted that there are several ways in which this can be achieved, whereof a few can be mentioned. First, the domestic legislation should ensure that the authorising authority is a judicial authority. Second, the national law should ensure that the more remote chilling effects of the use are considered, beyond simply determining proportionality on a case-by-case basis. This could be achieved as an obligatory consideration in the authorisation assessment or as part of an ongoing review conducted by the market surveillance authority. Third, for those objectives which are deemed lower in the CJEU’s hierarchy of objectives that may justify a limitation of fundamental rights, the domestic law should ensure that the requirements for necessity are explicitly higher, and the use more restricted. (Less)
Please use this url to cite or link to this publication:
author
Walde, Frida LU
supervisor
organization
course
JURM02 20251
year
type
H3 - Professional qualifications (4 Years - )
subject
keywords
EU law, fundamental rights law, fundamental rights, artificial intelligence, AI Act, remote biometric identification: real-time remote biometric identification
language
English
id
9189161
date added to LUP
2025-06-12 09:26:49
date last changed
2025-06-12 09:26:49
@misc{9189161,
  abstract     = {{As artificial intelligence (AI) develops, it is applied in an increasing number of fields of society. One of the uses to which AI is put today is in real-time remote biometric identification technology (RBI). RBI refers to automated processes used to identify an individual in a group of others by analysing and quantifying their characteristics. The identification is conducted from afar, often without the involvement, knowledge, or consent of the affected persons. 
The use of real-time RBI is highly controversial due to its adverse impacts on fundamental rights. Pursuant to Article 5(1)(h) of the EU’s AI Act, the use of the technology is therefore generally prohibited in publicly accessible spaces for the purpose of law enforcement. However, the use is allowed for three specific objectives, subject to a number of safeguards. If a Member State wants to use RBI for any of these objectives, it must lay down explicit rules for its use in its domestic law. 

As this thesis is written, Member States across the EU are designing domestic legislation necessary to allow the use of real-time RBI. Against that background, the purpose of this thesis is to analyse how the Act’s safeguards relating to the use of real-time RBI can be interpreted and implemented by Member States, which opt to allow it in their domestic law, in order to ensure an effective protection of fundamental rights. This is done by analysing, partly, the interplay between the AI Act and the EU fundamental rights framework, partly how the use of real-time RBI can affect fundamental rights, and partly the prohibition and the safeguards stipulated for exploiting its exceptions. The thesis applies an EU legal method, which takes as its starting point that ensuring a ‘high level’ of fundamental rights is one of the AI Act’s explicit aims. In addition, the thesis is inspired by Ronald Dworkin’s argument that the law must be interpreted in its ‘best light’. For this thesis, this entails that the AI Act must be interpreted so that it achieves an effective protection, or gives room for such protection, of fundamental rights.

It is submitted that there are several ways in which this can be achieved, whereof a few can be mentioned. First, the domestic legislation should ensure that the authorising authority is a judicial authority. Second, the national law should ensure that the more remote chilling effects of the use are considered, beyond simply determining proportionality on a case-by-case basis. This could be achieved as an obligatory consideration in the authorisation assessment or as part of an ongoing review conducted by the market surveillance authority. Third, for those objectives which are deemed lower in the CJEU’s hierarchy of objectives that may justify a limitation of fundamental rights, the domestic law should ensure that the requirements for necessity are explicitly higher, and the use more restricted.}},
  author       = {{Walde, Frida}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Surveilling the Surveillance: Ensuring an Effective Protection of Fundamental Rights when Using Real-time Remote Biometric Identification in EU Member States after the AI Act}},
  year         = {{2025}},
}