CEDHCASELAW;JUDGMENTS;CHAMBER;ENG6Satisfaction
CEDH · CASELAW;JUDGMENTS;CHAMBER;ENG — 4 juillet 2023
- ECLI
- ECLI:CE:ECHR:2023:0704JUD001151920
- Date
- 4 juillet 2023
- Publication
- 4 juillet 2023
droits fondamentauxCEDH
Source : DILA / Judilibre · open data
Mes notes
privées · visibles par vous seulRésumé structuré
version préliminaireFaits
Non déterminable à partir du texte fourni.
Procédure
Non déterminable à partir du texte fourni.
Question juridique
Non déterminable à partir du texte fourni.
Solution
source officielleViolation of Article 8 - Right to respect for private and family life (Article 8-1 - Respect for private life);Violation of Article 10 - Freedom of expression-{general} (Article 10-1 - Freedom of expression);Non-pecuniary damage - award (Article 41 - Non-pecuniary damage;Just satisfaction)
Résumé généré automatiquement — à vérifier avec la décision originale.
Analyse IA non disponible
Générez un résumé intelligent de cette décision
Texte intégral
.s800EAC49 { font-size:12pt } .sFE10DC93 { margin-top:0pt; margin-bottom:0pt; text-align:center } .sBB9EE52A { font-family:Arial } .s523616E0 { margin-top:0pt; margin-bottom:12pt; text-align:center; font-size:14pt } .s5297CEC5 { margin-top:48pt; margin-bottom:14pt; text-align:center } .s29100277 { font-family:Arial; font-weight:bold } .sA36B60A1 { font-family:Arial; font-style:italic } .s39E5096F { margin-top:0pt; margin-bottom:14pt; text-align:center } .s8229ABDD { margin-top:0pt; margin-bottom:12pt; text-align:center } .s10950C61 { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt; text-align:justify } .s780F5245 { border:0.75pt solid #000000; clear:both } .s795B4A6B { margin-top:0pt; margin-bottom:0pt; text-align:justify; padding-top:1pt; padding-right:4pt; padding-left:4pt; font-size:11pt } .sD9FE5EFA { margin-top:0pt; margin-bottom:0pt; text-align:justify; padding-right:4pt; padding-left:4pt; padding-bottom:1pt; font-size:11pt } .s96B1B5AB { margin-top:0pt; margin-bottom:10pt; text-align:center } .s598389FB { margin-top:0pt; margin-bottom:0pt; text-align:center; font-size:14pt } .sF5E1C6CF { font-family:Arial; font-weight:bold; text-decoration:underline; color:#ff0000 } .sE208486F { font-family:Arial; color:#ff0000 } .s2E932ED2 { margin-top:0pt; margin-bottom:0pt; font-size:11pt } .s4ACA9207 { page-break-before:always; clear:both; mso-break-type:section-break } .s32563E28 { margin-top:0pt; margin-bottom:0pt } .sB9D5CABB { width:28.35pt; display:inline-block } .s3AAE10DF { margin-top:14pt; margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .s3CA22BA { font-family:Arial; text-transform:uppercase } .s28D8D01E { margin-top:14pt; margin-left:42.55pt; margin-bottom:12pt; text-indent:-14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .s6B505E72 { margin:0pt; padding-left:0pt } .sE810360E { margin-left:54.27pt; margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; padding-left:2.48pt; font-family:Arial; text-transform:uppercase } .s8B983D37 { text-transform:none } .sA451BBF4 { margin-top:14pt; margin-left:56.75pt; margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-family:Arial; text-transform:uppercase } .sA3304A05 { margin-top:14pt; margin-left:56.75pt; margin-bottom:12pt; text-indent:-14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-family:Arial; text-transform:uppercase; list-style-position:inside } .s41A39318 { width:9.78pt; font:7pt 'Times New Roman'; display:inline-block } .s9D48DD53 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; text-align:justify; font-size:10pt } .s1B38C39D { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:21.3pt; text-align:justify; font-size:10pt } .sD0489F03 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .sE5273FBD { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; text-align:center; font-size:10pt } .s12BDF8A5 { margin-top:14pt; margin-left:56.75pt; margin-bottom:12pt; text-indent:-14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-family:Arial; list-style-position:inside } .sD3A9FB41 { margin-top:6pt; margin-left:36pt; margin-bottom:6pt; text-align:justify; font-size:10pt } .sDD998142 { margin-top:14pt; margin-left:17pt; margin-bottom:12pt; text-indent:-17pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .sE59B7B19 { margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-family:Arial; list-style-position:inside } .s6047437D { width:11.03pt; font:7pt 'Times New Roman'; display:inline-block } .s2182C584 { margin-top:14pt; margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-family:Arial; text-transform:uppercase; list-style-position:inside } .s1E132B58 { width:7.7pt; font:7pt 'Times New Roman'; display:inline-block } .s62B2E987 { margin-top:14pt; margin-left:70.95pt; margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-family:Arial; font-weight:bold } .s7CAC83C { margin-top:14pt; margin-left:19.67pt; margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; padding-left:0.18pt; font-family:Arial; text-transform:uppercase } .s743F3A55 { margin-right:0pt; margin-left:0pt; padding-left:0pt } .s733C8A98 { margin-left:14.2pt; margin-bottom:6pt; page-break-inside:avoid; page-break-after:avoid; font-weight:normal; font-style:italic } .sA10B3FF1 { margin-top:14pt; margin-left:85.15pt; margin-bottom:6pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-family:Arial; font-style:italic } .sA3E47BD { margin-top:0pt; margin-left:99.35pt; margin-bottom:6pt; text-indent:-14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .sBD419D00 { width:1.98pt; font:7pt 'Times New Roman'; display:inline-block } .s5085E950 { margin-top:0pt; margin-left:113.55pt; margin-bottom:6pt; text-indent:-14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; line-height:113%; font-size:10pt } .s3EA7A0E { width:5.32pt; font:7pt 'Times New Roman'; display:inline-block } .sC2F2758B { margin-top:14pt; margin-left:113.55pt; margin-bottom:6pt; text-indent:-14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; line-height:113%; font-size:10pt } .s5916B642 { width:3.1pt; font:7pt 'Times New Roman'; display:inline-block } .s83BE5C30 { font-family:Arial; font-size:8pt; vertical-align:super } .s6C09A5E4 { margin-top:14pt; margin-left:99.35pt; margin-bottom:6pt; text-indent:-14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s68242971 { width:1.43pt; font:7pt 'Times New Roman'; display:inline-block } .sC66C6FB1 { margin-top:14pt; margin-left:16.34pt; margin-bottom:12pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; padding-left:3.51pt; font-family:Arial; text-transform:uppercase } .s448F0C15 { margin-top:14pt; margin-left:18pt; margin-bottom:12pt; text-indent:-18pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .sD11CFAB7 { margin-top:14pt; margin-left:15.01pt; margin-bottom:3pt; text-align:justify; padding-left:1.99pt; font-family:Arial } .sFBC99493 { font-style:italic } .s51DFF5CF { margin-top:0pt; margin-left:34pt; margin-bottom:0pt; text-indent:-17pt; text-align:justify } .sE5BF05B1 { width:2.33pt; font:7pt 'Times New Roman'; display:inline-block } .s7F175FE6 { margin-top:0pt; margin-left:51.05pt; margin-bottom:0pt; text-indent:-17.05pt; text-align:justify } .sE5C1F6E3 { width:3.33pt; font:7pt 'Times New Roman'; display:inline-block } .s2D9C6089 { margin-top:12pt; margin-bottom:12pt; text-indent:14.2pt; text-align:justify; page-break-inside:avoid; page-break-after:avoid } .s69DCC830 { margin-top:36pt; margin-bottom:0pt } .sC2E086EB { width:36.89pt; display:inline-block } .s871A718A { width:136.42pt; display:inline-block } .s5A65B3DC { width:46.56pt; display:inline-block } .s44B8752F { width:177.11pt; display:inline-block }   THIRD SECTION CASE OF GLUKHIN v. RUSSIA (Application no. 11519/20)   JUDGMENT   Art 10 • Freedom of expression • Unjustified administrative-offence conviction of peaceful solo demonstrator, using life-size cardboard figure of political activist with banner, for failure to submit prior notification • Authorities’ failure to show requisite degree of tolerance • Failure to adduce relevant and sufficient reasons Art 8 • Private life • Unjustified processing of applicant’s personal biometric data by using highly intrusive facial recognition technology in administrative-offence proceedings in order to identify, locate and arrest him • Use of such technology to identify and arrest peaceful protesters capable of having chilling effect on rights to freedom of expression and assembly • In implementing facial recognition technology, need for detailed rules governing scope and application of measures, as well as strong safeguards against risk of abuse and arbitrariness • Even greater need for safeguards when live facial recognition technology used • Interference not corresponding to “pressing social need”   STRASBOURG 4 July 2023   FINAL   04/10/2023   This judgment has become final under Article 44 § 2 of the Convention. It may be subject to editorial revision. In the case of Glukhin v. Russia, The European Court of Human Rights (Third Section), sitting as a Chamber composed of:   Pere Pastor Vilanova, President ,   Jolien Schukking,   Yonko Grozev,   Georgios A. Serghides,   Peeter Roosma,   Andreas Zünd,   Oddný Mjöll Arnardóttir, judges , and Milan Blaško, Section Registrar , Having regard to: the application (no.   11519/20) against the Russian Federation lodged with the Court under Article 34 of the Convention for the Protection of Human Rights and Fundamental Freedoms (“the Convention”) by a Russian national, Mr Nikolay Sergeyevich Glukhin (“the applicant”), on 31 January 2020; the decision to give notice to the Russian Government (“the Government”) of the complaints concerning Article 6 § 1 and Articles 8 and 10 of the Convention, and to declare the remainder of the application inadmissible; the observations submitted by the Government and the observations in reply submitted by the applicant; the comments submitted by ARTICLE 19, a non-governmental organisation which was granted leave to intervene by the President of the Section; the Government’s failure to submit observations in reply to the third-party observations and the lack of any communication from the Government since March 2022; the decision of the President of the Section to appoint one of the sitting judges of the Court to act as an ad hoc judge, applying by analogy Rule 29 §   2 of the Rules of Court (see, for an explanation of the background to this, Kutayev v. Russia , no. 17912/15, §§ 5-8, 24 January 2023); Having deliberated in private on 23 May and 13 June 2023, Delivers the following judgment, which was adopted on the last ‑ mentioned date: INTRODUCTION 1.     The case concerns the applicant’s administrative conviction for his failure to notify the authorities of his intention to hold a solo demonstration using a “quickly (de)assembled object”. During the investigation the police used facial recognition technology to process the applicant’s personal data. THE FACTS 2.     The applicant was born in 1985 and lives in Moscow. He was represented by Mr N. Zboroshenko and Ms A. Rossius, lawyers practising in Moscow. 3.     The Government were initially represented by Mr A. Fedorov, former Representative of the Russian Federation to the European Court of Human Rights, and later by his successor in that office, Mr M. Vinogradov. 4.     The facts of the case may be summarised as follows. 5.     In May 2017 the official website of the mayor of Moscow reported that more than 3,500 CCTV cameras had been installed in Moscow. In September of the same year, more than 3,000 CCTV cameras were equipped with a live facial recognition system. In the spring of 2018, facial recognition CCTV cameras were installed in the Moscow underground. According to the mayor of Moscow, a live facial recognition system was tested in 2019. By 1   September 2020 all CCTV cameras in Moscow – there were about 175,000 by then and more than 220,000 in 2022 – were equipped with live facial recognition technology. 6.     On 12 August 2019 a political activist, Mr Konstantin Kotov, was arrested and charged with a repeated breach of the rules on “public events” under Article 212.1 of the Russian Criminal Code. Mr Kotov’s detention and the criminal proceedings against him attracted a great deal of media and public attention and caused a public outcry. 7 .     On 23 August 2019 the applicant travelled by Moscow underground with a life-size cardboard figure of Mr Kotov holding a banner stating: “You must be f**king kidding me. I’m Konstantin Kotov. I’m facing up to five years [in prison] under [Article] 212.1 for peaceful protests.” 8.     It appears from a police report dated 24 August 2019 that “monitoring of the internet” by the anti-extremism unit of the Moscow underground police (“the police anti-extremism unit”) had revealed a photograph of a man standing at an underground station with a human figure holding a banner. 9.     The police anti-extremism unit then took screenshots of a public Telegram channel containing photographs and a video of the applicant holding the cardboard figure of Mr Kotov at an underground station and inside an underground train. The text written on the banner (see paragraph 7 above) was clearly legible in the screenshots. The screenshots were printed out and stored by the police anti-extremism unit “in accordance with Chapter   26 of the Code of Administrative Offences” (“the CAO”; see paragraphs 26-27 below). 10.     It appears from another police report dated 24 August 2019 that the police anti-extremism unit obtained video-recordings from CCTV cameras installed at Chistye Prudy and Sretenskiy Bulvar underground stations. The police anti-extremism unit watched those recordings on 27 August 2019, took screenshots of the applicant’s image, printed them out and stored them in the case file. 11 .     It appears from a police report dated 26 August 2019 that the police anti-extremism unit conducted “operational-search activities” to identify the man in the photographs and the video published on Telegram, successfully identified him as the applicant and established his home address. 12 .     According to the applicant, at about 10 a.m. on 30 August 2019 the police anti-extremism unit went to his home while he was not there. At about 11 a.m. on the same day, he was arrested at an underground station. The police allegedly told him that he had been identified by the facial recognition CCTV cameras installed in the Moscow underground. 13.     The applicant was then taken to a police station, where he was charged with the administrative offence of breaching the established procedure for the conduct of public events under Article 20.2 § 5 of the CAO. The charges stated that on 23 August 2019 the applicant had held a solo demonstration at the Chistye Prudy underground station and on the underground train using a “quickly (de)assembled object” and should therefore have submitted a prior notification to the local authorities. 14.     In a letter of 2 September 2019, the acting head of the police anti-extremism unit requested the head of the Moscow underground security to provide copies of video-recordings of 23 August 2019 from 8.15 p.m. to 8.35   p.m. from twenty-two CCTV cameras installed at Okruzhnaya underground station. He relied on sections 6-3, 7-2(1) and 15-1 of the Operational-Search Activities Act (see paragraphs 22-23 and 25 below) and section 13-1(4) of the Police Act (see paragraph 29 below). He further stated that the request was being made in the framework of an inquiry being conducted with the aim of combating extremism during approved mass public events in Moscow. The police anti-extremism unit watched those recordings on 5 September 2019, took screenshots of the applicant’s image, printed them out and stored them in the case file. 15 .     On 23 September 2019 the Meshchanskiy District Court of Moscow convicted the applicant as charged. The court noted that the applicant had made oral submissions and had pleaded not guilty. It then relied on, among other things, the screenshots of the Telegram channel and the screenshots of video-recordings from the surveillance cameras in the underground in support of its finding that the applicant had held a solo demonstration using a “quickly (de)assembled object”. Contrary to the applicant’s argument, the cardboard figure of Mr Kotov could be considered a “quickly (de)assembled object” because it had a prop. The court sentenced the applicant to a fine of 20,000   Russian roubles (RUB – approximately 283 euros). 16 .     The applicant appealed. He complained, in particular, that the operational-search activities performed to identify him had been unlawful because the Operational-Search Activities Act did not permit the performance of such activities to investigate administrative offences. The evidence thereby obtained was therefore inadmissible. He also complained about the absence of a prosecuting party, claiming that that situation had breached the principle of impartiality. Lastly, he submitted that his conviction for a peaceful solo demonstration had breached his right to freedom of expression. It had never been claimed that the demonstration had created any risk to public order or to the life or health of others. 17 .     On 30 October 2019 the Moscow City Court upheld the conviction on appeal. The applicant attended the hearing and made oral submissions. The court found that the peaceful nature of the demonstration was irrelevant because the applicant had been convicted for a breach of the established procedure for the conduct of public events, namely for failure to submit a prior notification. His escorting to the police station and administrative arrest had been lawful. The offence had been discovered and the evidence had been collected by the police in accordance with the Police Act. RELEVANT LEGAL FRAMEWORK PROCEDURE FOR THE CONDUCT OF PUBLIC EVENTS 18.     The Public Events Act (no. FZ-54 of 19 June 2004) provides that no notification is required for solo demonstrations, except where the demonstrator intends to use a “quickly (de)assembled object” (“ быстровозводимая сборно-разборная конструкция ”) (section   7(1.1)). Notification of a solo demonstration involving such an object obstructing passers-by or traffic must be lodged three to four days in advance (section   7(1)). 19.     It is forbidden to hold a public event if no notification was submitted within the time-limits established by the Act (section 5(5)). 20.     Article 20.2 § 5 of the Code of Administrative Offences (“the CAO”) provides that a breach by a participant of the established procedure for the conduct of public events which has not caused damage to anyone’s health or property is punishable by a fine of between RUB   10,000 and RUB 20,000 or up to forty hours of community service. OPERATIONAL-SEARCH ACTIVITIES 21.     The Operational-Search Activities Act (no. 144‑FZ of 12 August 1995   – “the OSAA”) provides that the aims of operational-search activities are (a)   the detection, prevention, suppression and investigation of criminal offences and the identification of persons conspiring to commit, committing, or having committed a criminal offence; (b)   the tracing of fugitives from justice and missing persons; (c)   obtaining information about events or activities endangering the national, military, economic or ecological security of the Russian Federation; and (d)   obtaining information about property subject to confiscation (section 2 of the OSAA). 22 .     Audio and video-recording, photography, filming and other technical means may be used during operational-search activities, provided that they are not harmful to the life or health of those involved or to the environment (section 6-3 of the OSAA). 23 .     Operational-search activities may be conducted following receipt of information that an offence has been committed, is being committed or is being plotted, or about persons conspiring to commit, committing or having committed an offence if there are insufficient grounds for opening a criminal case (section 7-2(1) of the OSAA). 24 .     In its Ruling no. 86-O of 14 July 1998, the Constitutional Court held that section 7-2(1) of the OSAA should be read in conjunction with section 2 of the OSAA. The term “offence” mentioned in section 7-2(1) should therefore be interpreted as meaning a “criminal offence”. If it became clear during operational-search activities that the investigated offence was not classified as criminal, operational-search activities had to immediately be stopped. 25 .     Agencies performing operational-search activities may seize documents, objects, materials and communications (section 15-1 of the OSAA). COLLECTION OF EVIDENCE IN ADMINISTRATIVE-OFFENCE PROCEEDINGS 26 .     Chapter 26 of the CAO provides that documents, photographs, audio and video-recordings, databases and other forms of data can be used in evidence in administrative-offence cases if they contain information that is relevant to the case. The person in charge of the case, be it a judge or another official, must take all the necessary steps to safeguard the evidence until the case is finished and then make a decision about its fate (Article 26.7). 27 .     The judge or other official in charge of an administrative-offence case may request any information necessary to resolve the case. This information must be submitted within three days of receiving the request. If the information cannot be provided, the organisation must notify the requesting judge or other official in writing within three days (Article 26.10).        POLICE POWERS 28.     The Police Act (no. 3-FZ of 7 February 2011) provides that the police must take measures to detect, supress and investigate administrative offences within their competence (section 12-1(11)). They must also take measures to prevent, discover and supress extremist activities (section 12-1(16)). 29 .     When investigating criminal or administrative offences or examining registered complaints about criminal or administrative offences or accidents, the police are entitled to make reasoned requests for, and to obtain free of charge, information, documents or copies thereof or other necessary data, including personal data, from State and municipal authorities, public associations, organisations, officials and citizens, except for information for which federal law sets up a special access procedure (section 13-1(4)). PROCESSING OF PERSONAL DATA 30.     The Personal Data Protection Act (no. 152-FZ of 27 July 2006, as in force at the material time) provided that personal data could be processed, inter alia in connection with a person’s involvement in administrative judicial proceedings, and also if personal data had been made publicly available by the subject of those data (section 6(1)(3) and (10)). 31 .     Biometric personal data was defined as information that revealed a person’s physiological and biological characteristics that could be used to identify that person. It could only be processed with the written consent of the individual concerned, unless otherwise provided for in the section in question (section 11(1)). Biometric personal data could be processed without the data subject’s consent, inter alia in connection with the administration of justice, and in cases provided for by the legislation concerning defence, security, counterterrorism, transport security, anti-corruption and operational-search activities (section 11(2)). 32.     Processing of special categories of personal data revealing race, nationality, political opinions, religious or philosophical beliefs, health status, or intimate life was generally prohibited, except when authorised by the section in question (section 10(1)). Special categories of personal data could be processed, inter alia if personal data had been made publicly available by the subject of those data; in connection with the administration of justice; and in cases provided for by the legislation concerning defence, security, counterterrorism, transport safety, anti-corruption, operational-search activities and civil and criminal judicial enforcement (section 10(2)(2), (2)(6) and (2)(7)).        VIDEO SURVEILLANCE IN THE MOSCOW UNDERGROUND 33 .     Governmental Decree no. 410 of 5 April 2017 on requirements for transport security, in force at the material time, provided for a requirement for technical equipment to be installed in underground stations depending on their security profile. In particular, the underground stations in the first (highest security) category had to be equipped with transport security systems ensuring: –     identification of target persons and vehicles by video-surveillance systems on checkpoints at the boundaries of the security zone and its subzones and on parts of the underground essential for its functioning; –     detection and identification of target events by video-surveillance systems at any time and place inside the underground, including in unlimited access subzones, subzones with ticket access and on parts of the underground essential for its functioning; –     detection of target persons and vehicles by video-surveillance systems at any time and place in the “for staff only” subzones of the underground; –     detection of target persons and vehicles by video-surveillance systems at a specific time and place on the perimeter of the security zone; –     real-time transmission of data; –     storage of data on electronic devices for at least thirty days; –     real-time detection of an offender trying to access the underground outside the checkpoints on the perimeter of the security zone and on parts of the underground essential for its functioning; –     registration and real-time transmission of data about staff and passengers crossing the boundaries of the subzones with ticket access, “for staff only” subzones and accessing parts of the underground essential for its functioning (Article 6 § 1). 34 .     Competent agencies of the Federal Security Service, the police and the Federal Transport Supervision Service were to have access to the data obtained by the transport security systems (Article 5 §   10). RELEVANT INTERNATIONAL MATERIAL UNITED NATIONS 35.     The relevant parts of the report of the United Nations High Commissioner for Human Rights of 24 June 2020 entitled “Impact of new technologies on the promotion and protection of human rights in the context of assemblies, including peaceful protests” (UN Doc. A/HRC/44/24) read as follows (footnotes omitted): “33.     The use of facial recognition technology to identify persons in the context of assemblies has considerable adverse effects on the rights to privacy, freedom of expression and peaceful assembly, if effective safeguards are not in place. A person’s image constitutes one of the key attributes of her or his personality as it reveals unique characteristics distinguishing her or him from other persons. Recording, analysing and retaining someone’s facial images without her or his consent constitute interferences with a person’s right to privacy. By deploying facial recognition technology at assemblies, these interferences occur on a mass and indiscriminate scale, as this requires the collection and processing of facial images of all persons captured by the camera equipped with or connected to a facial recognition technology system. 34.     Assemblies traditionally have allowed participants a certain level of protection against being singled out or identified. This protection was already considerably weakened by many States that routinely made audiovisual recordings of assembly participants. The rise of facial recognition technology has led to a paradigm shift in comparison with practices of audiovisual recordings, as it dramatically increases the capacity to identify all or many participants in an assembly in an automated fashion. This is particularly problematic if live facial recognition technology is deployed, permitting real-time identification as well as targeted surveillance and tracking of participants. Faulty live identification may also lead to undue interventions in peaceful assemblies by security forces. The negative effects of the use of facial recognition technology on the right of peaceful assembly can be far-reaching, as United Nations human rights experts have pointed out. Many people feel discouraged from demonstrating in public places and freely expressing their views when they fear that they could be identified and suffer negative consequences. 35.     Audiovisual recording and facial recognition techniques should only be used when such measures meet the three-part test of legality, necessity and proportionality. The possibility that recourse to facial recognition technology during peaceful protests could ever meet the test of necessity and proportionality, given its intrusiveness and serious chilling effects, has been questioned. Authorities should generally refrain from recording assembly participants. As required by the need to show proportionality, exceptions should only be considered when there are concrete indications that serious criminal offences are actually taking place or that there is cause to suspect imminent and serious criminal behaviour, such as violence or the use of firearms. Existing recordings should only be used for the identification of assembly participants who are suspects of serious crimes. 36.     While the use of facial recognition technology in the context of peaceful assemblies is discouraged, governments that still deploy this technology should ensure that they do so on a clear legal basis, including a robust, human rights-compliant regulatory framework. In addition, the authorities that continue to use audiovisual recording and facial recognition techniques should put in place a regulatory framework that contains provisions effectively protecting personal data, including with regards to facial images and the data derived from them. Measures should provide for the immediate deletion of all data, except for the specific segments that may be necessary for the conduct of criminal investigations and the prosecution of violent crimes. All persons concerned should have the right to access and to request the rectification and expungement of such information that is stored without a legitimate purpose and a legal basis, except when this would frustrate criminal investigations or prosecutions for which these data are needed. 37.     Furthermore, any use of audiovisual recording and facial recognition technology must be subject to robust and well-resourced oversight mechanisms. While part of the oversight can be carried out by independent and impartial data protection authorities, States should consider additional measures, including the involvement of an independent body, preferably of a judicial nature, in charge of authorizing the use of facial recognition technology measures in an assembly context. In any case, any use of recording and facial recognition technology should be open to judicial challenge. In all circumstances, the authorities should be transparent about the use of recording and facial recognition technology and always notify members of the public when they are, or may be, recorded and/or when their images may be processed in a facial recognition system. ... 53.     In this context, the High Commissioner recommends that States: ... (h)     Never use facial recognition technology to identify those peacefully participating in an assembly; (i)     Refrain from recording footage of assembly participants, unless there are concrete indications that participants are engaging in, or will engage in, serious criminal activity, and such recording is provided by law, with the necessary robust safeguards; ...” COUNCIL OF EUROPE 36 .     Recommendation No.   R (87) 15 of the Council of Europe’s Committee of Ministers to member States regulating the use of personal data in the police sector (adopted on 17   September 1987) states, inter alia : “Principle 2 – Collection of data 2.1.     The collection of personal data for police purposes should be limited to such as is necessary for the prevention of a real danger or the suppression of a specific criminal offence. Any exception to this provision should be the subject of specific national legislation. ... 2.4.     The collection of data on individuals solely on the basis that they have a particular racial origin, particular religious convictions, sexual behaviour or political opinions or belong to particular movements or organisations which are not proscribed by law should be prohibited. The collection of data concerning these factors may only be carried out if absolutely necessary for the purposes of a particular inquiry.” 37 .     The Guidelines on Facial Recognition (2021) by the Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS 108) read as follows (footnotes omitted): “Facial recognition is the automatic processing of digital images containing individuals’ faces for identification or verification of those individuals by using face templates. The sensitivity of information of a biometric nature was recognised explicitly with the inclusion of data uniquely identifying a person under the special categories of data in Article 6 of the modernised Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (hereinafter ‘Convention 108+’). The context of the processing of images is relevant to the determination of the sensitive nature of the data, as not all processing of images involves the processing of sensitive data. Images shall only be covered by the definition of biometric data when they are processed through a specific technical means which permits the unique identification or authentication of an individual. These guidelines cover uses of facial recognition technologies, including live facial recognition technologies. ... Integrating facial recognition technologies into existing surveillance systems poses a serious risk to the rights to privacy and protection of personal data, as well as to other fundamental rights, since use of these technologies does not always require the awareness or co-operation of the individuals whose biometric data are processed in this way. This is the case, for instance, with the possibility to access digital images of individuals on the internet. In order to prevent such infringements, the parties to Convention 108+ shall ensure that the development and use of facial recognition respect the rights to privacy and personal data protection, thereby strengthening human rights and fundamental freedoms by implementing the principles enshrined in the Convention in the specific context of facial recognition technologies. ... Lawfulness As provided for by Article 6 of Convention 108+, the processing of special categories of data, such as biometric data, shall only be authorised if such processing relies on an appropriate legal basis, and if complementary and appropriate safeguards are enshrined in domestic law. These safeguards shall be adapted to the risks involved and to the interests, rights and freedoms to be protected. In some legislation, the prohibition of such processing is a rule and its implementation is allowed only by way of exception, in certain specific cases (for example, with the explicit consent of individuals, to protect their vital interests or when the processing is necessary for reasons of overriding public interest), and subject to safeguards that are appropriate to the risks involved. The necessity for the use of facial recognition technologies has to be assessed together with the proportionality to the purpose and the impact on the rights of the data subjects. The different cases of use should be categorised and a legal framework applicable to the processing of biometric data through facial recognition should be in place. This legal framework should address, for each different use, in particular: –     a detailed explanation of the specific use and the intended purpose; –     the minimum reliability and accuracy of the algorithm used; –     the retention duration of the photos used; –     the possibility of auditing these criteria; –     the traceability of the process; –     the safeguards. Strict limitation of certain uses by law The level of intrusiveness of facial recognition and related infringement of the rights to privacy and data protection will vary according to the particular use and there will be cases where domestic law will strictly limit or even completely prohibit its use where that decision has been reached through the democratic process. The use of live facial recognition technologies in uncontrolled environments [the notion of ‘uncontrolled environment’ covers places freely accessible to individuals, which they can also pass through, including public and quasi-public spaces such as shopping centres, hospitals, or schools], in light of its intrusiveness on the right to privacy and the dignity of individuals, coupled with the risk of an adverse impact on other human rights and fundamental freedoms, should be subject to a democratic debate and the possibility of a moratorium pending a full analysis. ... Integrating digital images into facial recognition technologies Legislators and decision makers shall ensure that images available in a digital format cannot be processed to extract biometric templates, or to integrate them into biometric systems, without a specific legal basis for the new processing, when those images were initially captured for other purposes (from social media, for instance). As extracting biometric templates from digital images involves the processing of sensitive data, it is necessary to ensure the possible legal basis considered below, which varies according to the different sectors and uses. Specifically, using digital images that were uploaded onto the internet, including social media or online photo management websites, or that were captured by video surveillance cameras, cannot be considered lawful on the sole basis that the personal data were made manifestly available by the data subjects. ... Use of facial recognition technologies in the public sector Consent should not, as a rule, be the legal ground used for facial recognition performed by public authorities in view of the imbalance of powers between the data subjects and these authorities. ... Legislators and decision makers have to lay down specific rules for biometric processing using facial recognition technologies for law enforcement purposes. These rules will ensure that such uses must be strictly necessary and proportionate to these purposes and prescribe the necessary safeguards to be provided. Law enforcement authorities Biometric data processing using facial recognition technologies for identification purposes in a controlled or uncontrolled environment should be restricted, in general, to law enforcement purposes. It should be carried out solely by the competent authorities in the area of security. Laws may provide for different necessity and proportionality tests depending on whether the purpose is verification or identification, taking into account the potential risks to fundamental rights and as long as individuals’ images are lawfully collected. For identification purposes, strict necessity and proportionality shall be observed both in the setting up of the database (watch list) and deployment of (live) facial recognition technologies in an uncontrolled environment. Laws should provide clear parameters and criteria that law enforcement authorities should adhere to when creating databases (watch lists) for specific, legitimate and explicit law enforcement purposes (for example, suspicion of severe offences or a risk to public security). Considering the intrusiveness of these technologies, in the deployment phase of the live facial recognition technologies in uncontrolled environments, the law shall ensure that law enforcement authorities demonstrate that a variety of factors, including the place and timing of deployment of these technologies, justify the strict necessity and proportionality of the uses. ...” European Union 38 .     Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ 2016 L   119, p.   89) states, among other things: Article 10 Processing of special categories of personal data “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be allowed only where strictly necessary, subject to appropriate safeguards for the rights and freedoms of the data subject, and only: (a)     where authorised by Union or Member State law; (b)     to protect the vital interests of the data subject or of another natural person; or (c)     where such processing relates to data which are manifestly made public by the data subject.” 39.     Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement of 26 April 2023 by the European Data Protection Board read as follows, in so far as relevant (footnotes omitted): “36.     The processing of biometric data under all circumstances constitutes a serious interference in itself. This does not depend on the outcome, e.g. a positive matching. The processing constitutes an interference even if the biometric template is immediately deleted after the matching against a police database results in a no-hit. ... 43.     Article 52(1) of the Charter sets the requirement of a specific legal basis. This legal basis must be sufficiently clear in its terms to give citizens an adequate indication of the conditions and circumstances in which authorities are empowered to resort to any measures of collection of data and secret surveillance. It must indicate with reasonable clarity the scope and manner of exercise of the relevant discretion conferred on the public authorities so as to ensure individuals the minimum degree of protection as entitled under the rule of law in a democratic society. Moreover, lawfulness requires adequate safeguards to ensure that in particular an individual’s right under Article 8 of the Charter is respected. These principles also apply to the processing of personal data for purposes of evaluating, training and further developing of FRT [facial recognition technology] systems. 44.     Given that biometric data when processed for the purpose of uniquely identifying a natural person constitute special categories of data listed in Article 10 LED [Directive (EU) 2016/680, cited in paragraph 38 above], the different applications of FRT in most cases would require a dedicated law precisely describing the application and the conditions for its use. This encompasses in particular the types of crime and, where applicable, the appropriate threshold of severity of these crimes, in order to, among other things, effectively exclude petty crime. ... 51.     According to the CJEU’s settled case-law, derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary. This also implies that there are no less intrusive means available to achieve the purpose. Possible alternatives such as – depending on the given purpose – additional staffing, more frequent policing or additional street lighting have to be carefully identified and assessed. Legislative measures should differentiate and target those persons covered by it in the light of the objective, e.g. fighting serious crime. If it covers all persons in a general manner without such differentiation, limitation or exception, it intensifies the interference. It also intensifies the interference if the data processing covers a significant part of the population. 52.     The protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter is especially important for the right to respect for private life enshrined in Article 7 of the Charter. Legislation must lay down clear and precise rules governing the scope and application of the measure in question and impose safeguards so that the persons whose data have been processed have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access or use of that data. The need for such safeguards is all the greater where personal data is subject to automatic processing and where there is a significant risk of unlawful access to the data. Furthermore, internal or external, e.g. judicial, authorisation of the deployment of FRT may also contribute as safeguards, and may prove to be necessary in certain cases of severe interference. 53.     The rules laid down have to be adapted to the specific situation, e.g. the quantity of data processed, the nature of the data and the risk of unlawful access to the data. This calls for rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. 54.     With regard to the relationship between the controller and the processor it should not be permitted for the processors to have regard only to economic considerations when determining the level of security which they apply to personal data; this could endanger a sufficient high level of protection. 55.     An act of law has to lay down substantive and procedural conditions and objective criteria by which to determine the limits of competent authorities’ access to data and their subsequent use. For the purposes of prevention, detection or criminal prosecutions, the offences concerned would have to be considered sufficiently serious to justify the extent and seriousness of these interferences with the fundamental rights enshrined for example in Articles 7 and 8 of the Charter. 56.     The data has to be processed in a way that ensures the applicability and effect of the EU data protection rules; in particular those provided by Article 8 of the Charter, which states that the compliance with the requirements of protection and security shall be subject to control by an independent authority. The geographical place where the processing takes place may in such a situation be relevant. 57.     With regard to the different steps of processing of personal data, a distinction should be made between the categories of data on the basis of their possible usefulness for the purposes of the objective pursued or according to the persons concerned. The determination of the conditions of the processing, for example, the determination of the retention period, must be based on objective criteria in order to ensure that the interference is limited to what is strictly necessary. 58.     Based on each situation, the assessment of necessity and proportionality has to identify and consider all implications that fall within the scope of other fundamental rights, such as human dignity under Article 1 of the Charter, freedom of thought, conscience and religion under Article 10 of the Charter, freedom of expression under Article 11 of the Charter as well as freedom of assembly and association under Article   12 of the Charter. 59.     Furthermore, it has to be considered as a matter of severity, that if the data is systematically processed without the knowledge of the data subjects, it is likely to generate a general conception of constant surveillance. This may lead to chilling effects in regard of some or all of the fundamental rights concerned. ... 73.     Processing can only be regarded as ‘strictly necessary’ if the interference to the protection of personal data and its restrictions is limited to what is absolutely necessary. The addition of the term ‘strictly’ means that the legislator intended the processing of special categories of data to only take place under conditions even stricter than the conditions for necessity ... This requirement should be interpreted as being indispensable. It restricts the margin of appreciation permitted to the law enforcement authority in the necessity test to an absolute minimum. In accordance with the settled case-law of the CJEU, the condition of ‘strict necessity’ is also closely linked to the requirement of objective criteria in order to define the circumstances and conditions under which processing can be undertaken, thus excluding any processing of a general or systematic nature. ... 104.     The use of facial recognition technologies is intrinsically linked to processing of significant amoArticles de loi cités
Article 8 CEDHArticle 8-1 CEDHArticle 10 CEDHArticle 10-1 CEDH
Citations
Aucune citation répertoriée pour cette décision.
Décisions connexes
Aucune décision similaire identifiée pour le moment.
Synthèse
- Juridiction
- CEDH
- Chambre
- CASELAW;JUDGMENTS;CHAMBER;ENG
- Formation
- 6
- Dispositif
- Satisfaction
- Date
- 4 juillet 2023
- Matière
- droits fondamentaux
Référence
ECLI:CE:ECHR:2023:0704JUD001151920