EU AI Act Bans And Biometric Privacy: Lessons For India
Gayatri Rathi & Dr. Sarika Tyagi
DOI:
Abstract
The Artificial Intelligence Act of the European Union, officially adopted as Regulation (EU) 2024/1689, considers biometric AI as an area where some uses are so rights-infringing that even a risk-management label would not suffice; therefore, it draws legally binding red lines through Article 5 of Regulation (EU) 2024/1689. The forbidden practices most relevant to biometrics comprise the use of “real-time” remote biometric identification in publicly accessible spaces for law enforcement purposes, which is subject only to tightly conditioned exceptions that are linked to specific objectives such as the search for missing persons, the prevention of imminent threats, and the identification of suspects of serious crimes, which must be supported by the prior authorization, registration, and deletion obligations. Furthermore, the Act disallows the creation or enlargement of facial recognition databases by indiscriminate scraping from the internet or CCTV, which is a depiction of the explicit legal decision that mass face capture destroys anonymity and scares public life. It bans biometric straightforwardness that is used to guess sensitive traits and prohibits emotion recognition in workplaces and educational institutions unless it is for the narrow purposes of medical or safety cases. These prohibitions are relevant for India because the Indian constitutional privacy doctrine, based on Article 21 of the Constitution of India and interpreted in K. S. Puttaswamy v. Union of India, requires State intrusions to be legal, necessary and proportionate, whereas Indias very recent data protection statute, the Digital Personal Data Protection Act, 2023, imposes cross-sector duties without biometric-specific per se bans. The takeaway from the comparison is that India can implement EU-style bright lines for high-chill biometric uses while fitting the safeguards to Indian welfare delivery, policing capacity, and oversight institutions through pinpointed statutory amendments, procurement conditions, and audit-ready authorization processes. A practical roadmap would be to enact biometric-specific prohibitions and narrow exceptions, harmonize legitimate grounds and retention limits between Section 29 of the Aadhaar Act, 2016 and the DPDP framework, and develop binding authorization, logging, and independent review provisions for any biometrics-based public space surveillance.
Keywords
EU AI Act, Article 5 Bans, Biometric Privacy, Facial Recognition, Emotion Recognition, Predictive Policing, India DPDP Act
