APDP • Deliberation No. 2025-022 of 10 December 2025 on Bill No. 1087 concerning the remote biometric identification of persons wanted or reported in places accessible to the public

Deliberation No. 2025-022 of 10 December 2025 of the Personal Data Protection Authority (APDP) gives its opinion on the consultation of the President of the Parliament on Government Bill No. 1087 on the use of video protection and video surveillance of places accessible to the public for the detection, searching for and identifying persons wanted or reported by means of remote biometric identification systems.

* * *

SUMMARY

The APDP first analyses the pre-existing legal issues affecting the deployment of facial recognition in Monaco:

• Legal uncertainty resulting from the dual legal regime of video protection and video surveillance, and the tendency to install too many cameras;
• The alert list of wanted or reported persons is not subject to any control;
• Biometric surveillance processing is exempt from impact analysis;
• The risk of expanding surveillance measures through regulation;
• The risk of being mistakenly included on an alert list.

It then addresses the intrinsic problems with the provisions of Bill No. 1087:

• The discrepancy between the stated intentions, which are limited to a certain use of facial recognition, and the provisions of Bill No. 1656, which do not set sufficient limits;
• The issue of establishing alert lists, with a risk of broad interpretation as to the categories of persons who may be included, doubts about the ability to integrate and update INTERPOL notices, and the procedures for creating the photo database;
• The provision of video protection and video surveillance images to the Public Security Directorate via interconnections raises the risk of continuous video capture and a significant expansion of the uses of remote biometric identification;
• The addition of a 10° clause to Article 5 of Law No. 1.430, authorising the detection, search and identification of persons wanted or reported in accordance with the provisions of Title VI bis, creates a legal ambiguity that could suggest an expanded use of remote biometric identification by administrative authorities other than the Public Security Directorate, whereas Title VI bis strictly reserves its implementation to the latter;
• The proposed Article 8-6, which sets a 30-day retention period for data resulting from positive matches, lacks precision regarding the exact nature of this data and calls for clear guidelines, independent oversight and the publication of an annual report to ensure transparency and compliance in the use of remote biometric identification;
• The proposed Article 8-7 prohibits any interconnection of data processed by remote biometric identification with other personal files, but there is ambiguity as to the exact nature of this data and the creation of the alert list, which could involve indirect matching with other existing processing operations;
• Bill No. 1087 remains incomplete and vague, offering few guarantees, mixing various concepts without clear definitions, and leaving the door open to continuous monitoring of privacy and to extensive uses that are difficult to regulate, while providing for no penalties or mechanisms for accountability or redress in the event of error or abuse.

* * *