I have just written to
Mr Julian King, European Commissioner for Security
Ms Vera Jourova, European Commissioner for Justice
Ms Mariya Gabriel, European Commissioner for Digital Society
Mr Giovanni Buttarelli , European Data Protection Supervisor
Re: “Safe City” project for video surveillance and Chinese face recognition technology in Malta
Dear Commissioners, dear Data Protection Supervisor,
The Government of Malta has confirmed in multiple occasions its plans to introduce video surveillance and face recognition technology (FRT), without any prior public consultation, as a way to prevent crime in densely-populated areas of the country including Marsa and Paceville (“Safe City” project).[1] This would be implemented by the government company Safe City Malta, part of the government’s public-private partnership arm Projects Malta, using artificial intelligence-backed CCTV, able to pick out and identify a face within a crowd, developed by Chinese firm Huawei, which has been criticised for its allegiance to Chinese state intelligence agencies[2], with whom the Maltese government has recently signed two Memorandums of Understanding negotiated by Malta’s special envoy to Asia, Sai Mizzi Lang, wife of Energy Minister Konrad Mizzi.[3]
According to Professor Joseph Cannataci,[4] this project would need to be in line with the EU General Data Protection Regulation (GDPR), the EU Police Directive 2016/680, and the Council of Europe Convention no. 108 on Data Protection (Protocol CETS 223).[5] These legal instruments point to the need for any intrusion within with one's privacy to be envisaged in the law, necessary and proportionate to its aim in a democratic society.
In particular, the GDPR legislation has introduced stringent rules on the use of CCTV and face recognition technology.[6] The Data Protection Commissioner of Ireland has recently noted that there are a number of outstanding issues with the use of facial recognition technology in the EU, particularly in relation to consent, and that compliance of this feature with GDPR is not settled.[7]
The Government of Malta announced that the “Safe City” project will be in line with EU data protection regulation, and is currently discussing it with Malta’s data protection commissioner. The Malta IT Law Association warned the plan amounts to a serious invasion of privacy, and is against Maltese and EU legislation.[8]
It should be noted that the use of invasive technology such as AI/CCTV facial recognition in public spaces may lead as a tool for control and repression of citizens’ liberties, including their right to privacy, to freedom of expression, or to freedom of assembly in case of public protests. Citizens will all be treated as potential criminals or terrorists, fostering self-censorship and corroding democratic life. As noted by the New York Times, “even the perception of surveillance can keep the public in line”.[9]
Based on this, I would like to encourage your services:
- to ask the Government of Malta to publish detailed information about the “Safe City” project, including in order to have a meaningful public consultation on the issue;
- to assess whether Malta has the adequate legislative framework to allow the implementation of the above-described “Safe City” project;
- to establish whether the “Safe City” project fulfils the requirements of necessity and proportionality and is in line with the the EU General Data Protection Regulation (GDPR) and the EU Police Directive 2018, also in terms of necessary consent, transparency and information requirements, profiling and right to object.
Kindest regards,
Dr Michael Briguglio
[4] the first United Nations Special Rapporteur on the right to privacy, Head of Department of Information Policy & Governance and Deputy Dean for the Faculty of Media & Knowledge Sciences at the University of Malta
