Judge declares Buenos Aires’ Fugitive Facial Recognition System Unconstitutional
On September 7, a trial judge declared the implementation of the Fugitive Facial Recognition System (SRFP, for its name in Spanish) by the Government of the City of Buenos Aires unconstitutional. The decision set an important precedent for risks associated with privacy and intimacy in public spaces in the context of public surveillance for law enforcement purposes. Remarkably, this is also one of the very few known judicial decisions in the global privacy space that clearly looks at the rights to privacy, intimacy and data protection as rights having collective relevance rather than merely individual rights. The decision revealed multiple violations of individuals’ privacy, and instances of abuse of authority by system operators.
The SRFP was implemented in 2019 as part of the Video Surveillance System of the capital of Argentina and was previously the subject of a government suspension order in April 2020 due to reduced system efficacy caused by pandemic-related masking. The system consisted of facial recognition software installed in selected video surveillance cameras already distributed in Buenos Aires. The Urban Surveillance Center of the Police Department was responsible for visualizing and processing the images and checking them against a national database containing capture orders for fugitives of the justice system (the CONARC database). Upon finding a match, the system issued an alarm and dispatched officers to detain the alleged fugitive.
Following the announcement of the SRFP, many civil society organizations criticized the risks to privacy and other fundamental rights (such as freedom of association) posed by the system, as well as its potential for abuse due to its wide scope and nature. In December 2020, the Observatorio de Derecho Informatico Argentino (ODIA), joined by other civil society organizations, filed an amparo1 lawsuit before an administrative court against the Government of the City of Buenos Aires for i) issuing Resolution 398, which created the SRFP; ii) approving Law 6.339, which incorporated the SRFP into the local public security law (Law 5.688); and iii) implementing the system without adequate mechanisms.
The court agreed with ODIA and declared the SRFP unconstitutional, prohibiting its operation until control and oversight mechanisms required by law are put in place.
1. Privacy as a collective right, redressable through constitutional mechanisms
The first element of the decision analyzed the standing of the ODIA to bring the lawsuit, and whether the amparo action was the appropriate way to do so. As an initial matter, the court determined the ODIA had standing to sue because the ODIA alleged a violation to the fundamental rights to privacy, intimacy, and protection of personal data. Argentinian courts recognize three categories of procedural standing rights: i) individual rights, ii) rights of collective incidence in regard to collective goods, and iii) rights of collective incidence in regard to homogeneous individual interests. The court determined the rights to privacy, intimacy, and data protection fall under the second category – rights of collective incidence in regard to the collective good. For litigation relying on such rights, a plaintiff’s identity is not relevant, as long as the case is related to a collective incidence affecting citizens of Buenos Aires. The relevant question is whether the plaintiffs are or represent citizens, whose presence in the city makes them susceptible to a privacy violation.
The court also considered whether an amparo action was the appropriate redress for the alleged harm. The court determined that an amparo is permitted as long as the plaintiff is able to demonstrate i) an actual or imminent injury, restriction, alteration or threat to constitutional rights; ii) a manifest illegality or arbitrary actions by the authority; and iii) the possibility of judicial redress within a reasonable time. In this case, because of how the SRFP was implemented, and the risks it posed to fundamental rights, the court concluded an amparo action would provide an effective and timely remedy, as opposed to the contentious administrative procedure set forth in the Administrative and Tax Code. Additionally, as a constitutional recourse, an amparo action allowed the court to study the constitutionality of the incorporation of the SRFP into Buenos Aires’ public security law, in light of the rights and obligations in the national Constitution and applicable international treaties, such as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108).
2. Lack of control and oversight
The second element of the court’s decision focused on the failure of the Government to adopt safeguards to counteract the risks posed by the SFRP’s implementation. Resolution 398, which approved the implementation of the system, authorized the Ministry of Justice and Security of Buenos Aires (“the Ministry”) to issue additional regulations for its “effective implementation” and invited the Public Defender’s Office to audit the system. In March 2020, the Public Defender signed a collaboration agreement with the Ministry in the context of Resolution 398, but noted that beginning in 2019 it had documented “serious flaws” in the functioning of the SFRP leading to unlawful detentions.
The decision found several inconsistencies between the local government and Public Defender’s assertions regarding unlawful detentions arising from SFRP “false positives.” When asked about the number of detentions due to “false positives,” the government claimed there had been no wrongful detentions after the implementation of the SFRP, and that any false alarm or wrongful detention arose from potentially erroneous information in the CONARC fugitive database. Contrary to those claims, the Public Defender verified that unlawful detention of individuals due to SRFP “false positives” had occurred. These “false positive” cases were also confirmed by the National Directorate of the National Reincidence Registry of Argentina, which mentioned in certain detentions officers failed to validate the order’s information with the individual’s DNI (national document identity) or their biometrics, indicating the police were relying on the system’s alarms although they could be triggered by inaccurate information.
The decision highlighted a pattern of unlawful detentions lasting one to three hours, where individuals were mistakenly identified as fugitives. The court noted that in several cases, the SRFP system correctly identified an individual but issued an alarm based on invalid or expired orders in the underlying CONARC system. In one example, a man was mistakenly intercepted at a metro station due to an alarm issued by the system; after some time, the officers noticed the capture order contained a different name from the one appearing in the individual’s DNI, which was provided by the SFRP registry, and later that the individual’s DNI could still be linked to the capture order within the SRFP, despite a formal request for deletion. In another example, a woman’s July 2019 interception and arrest by eight policemen at a railway station resulted from a years-old expired CONARC capture order.
Separately, the court also documented the government’s failure to implement other legally required oversight mechanisms. The public security law of Buenos Aires mandated all video surveillance systems, including the SFRP, to be included in a Registry providing operational status information for each system. The law also required the Ministry to send an annual report to a Special Committee for the Monitoring of Video Surveillance Systems (Special Committee) and the Public Defender’s Office describing the technical specifications of the software used by the SRFP, any modifications, and the criteria for the installment of video surveillance cameras in certain points of the City. However, almost two years after its implementation, the databases were never registered and the Committee never established.
3. An unreliable database
Throughout the decision, the court emphasized the problematic nature of the system’s source of information. The SRFP operated through the CONARC database, which has information about capture orders issued by national and local courts. However, according to the officials in charge of its operation, the CONARC database has “serious flaws” that, when used for the SRFP, could lead to “false positives” resulting in unlawful detentions, several of which the court described in detail. Updates to the database are usually affected by delays related to the overall functioning of the judicial system, as well as errors linking the information of a fugitive with biometric data, since the latter is provided by the National Registry of Persons (RENAPER).
Ultimately, the court held that the SFRP is contrary to the principle of presumption of innocence. Almost anyone in the City could be erroneously identified as a fugitive and thus detained by the police. The court found that, contrary to the local government’s assertions, this risk was ongoing and widespread, and it had been this way since the system was first implemented, as demonstrated by the Public Defender’s documentation. Additionally, the judge determined that although some flaws are rooted on the CONARC database, the SRFP could not be considered lawful per se since its operation exclusively relied on that database. The court indicated that the “mere possibility” of adverse consequences, in addition to the absence of adequate control and oversight mechanisms, demonstrated that the SFRP posed a “serious risk” of a breach of the citizens’ privacy.
4. Abuse of authority findings
The decision also noted several inconsistencies in the government’s description of the system’s operation following its implementation. The Ministry argued the SRFP was a completely automated process that left no space for discretionary or arbitrary human intervention. Under the law, the SFRP could only rely on the information provided by the CONARC database, and the public security law of Buenos Aires specifically prohibited the incorporation of data from individuals that are not included in that database. As a result, the number of records in the system should have matched the number of registries in the CONARC fugitive database. However, after obtaining the lists of registries in the CONARC database and the number of requests to the RENAPER for biometric information, the Court noticed the numbers did not match.
Comparison of CONARC and RENAPER records revealed that, including periods of time when the SRFP system was allegedly suspended, the government made 9,392,372 requests to access biometric data, in excess of the number of active fugitives within the CONARC database, which only had up to 35,000 registries. These requests demonstrate the government accessed biometric data from individuals that were not fugitives and whose information the authorities had no legitimate purpose to access. Specifically, the Court verified that at least 15,459 search records in the SRFP were about individuals that were not included in the CONARC registries. This verification, the court concluded, indicate the government of Buenos Aires had misused the SFRP.
The Court ultimately determined the actions of the Buenos Aires Government were contrary to the data protection legal system in Argentina. The final factor in the court’s decision turned on the lack of accountability for high-level users of the SFRP system. The court found it unreasonable that seventeen unidentifiable “admin” users had unrestricted access to the sensitive information of millions of individuals, while also free to manipulate and/or erase data without any meaningful transparency or accountability mechanisms in place. The court determined that at least 356 search records for individuals whose biometric data was incorporated into the SFRP were manually erased, making it impossible to assess whether those searches were legally justified.
Finally, the court noted that while the SFRP relied on the processing of sensitive information, an impact assessment was never performed by the system owners.
Conclusion
The court declared the implementation of the SFRP unconstitutional. The court was specific that unconstitutionality arose from the specifics of the SFRP’s implementation and not on the system itself; as a result, the system could potentially be put into operation again if authorities comply with the requirements of the judicial mandate. The court specifically noted that “when the system is implemented again” it will be mandatory that i) the Special Committee for the Monitoring of Video Surveillance Systems be established and that the Public Defender must be able to effectively exercise its oversight obligations; ii) the Registry of the surveillance systems be created; iii) a data protection impact assessment on the system be performed, and iv) the public must be consulted regarding the implementation of the SFRP. Importantly, although the court criticized the reliance of the SFRP on the CONARC database, it did not seem to prohibit the system’s reliance on it in the future.
Critically, in addition to preserving the SFRP system writ large, the decision did not declare the law creating the SFRP and incorporating it in the public security law unconstitutional. In fact, the court did not question the law’s constitutionality under Argentina’s constitutional and conventional framework of fundamental rights and freedoms. This is a key point because the amparo action specifically enables a judge to perform this analysis. If the SFRP is implemented once again, it will be interesting to see whether the constitutionality of the law is reviewed under an amparo lawsuit and if specific instruments protecting privacy and personal data, such as Convention 108, play a significant role in the analysis.
Finally, this decision should be seen as part of a larger and decentralized push to oppose government use of facial recognition technologies growing globally over the past years. While in the European Union, the European Data Protection Supervisor, the European Data Protection Board, and the European Parliament are moving towards requesting a ban on live facial recognition technologies in public spaces as part of the legislative process of the AI Act, in the U.S. a bill was recently introduced with the objective to place “strong limits and prohibitions on law enforcement use of facial recognition technology,” limiting its use to situations when a warrant has been obtained.
It is also important to mention that this decision could be reversed under appellate review if the government decides to appeal. Nevertheless, the trial court’s decision has been celebrated in Argentina as an important precedent for the protection of personal data and privacy, and because it exposed an abuse of authority long accused by ODIA and other organizations since the SFRP system began to operate.
Editor: Lee Matheson
1 The amparo is recognized as a right in Article 43 of the Argentinian Constitution. It is a process or trial through which citizens can challenge the constitutionality of laws, as well as actions or omissions from authorities that affect constitutionally recognized rights and freedoms.
