The European Commission is working on new regulations to give EU citizens new rights of control over the use of their biometrics, with the goal of limiting "the indiscriminate use of facial recognition technology," according to an anonymous official quoted in the  Irish Times .

The proposed regulation would mandate notice provisions whenever facial biometric data is used, and exceptions are "tightly circumscribed," the source says.

Biometric data collection is already governed by GDPR, but the move to specifically regulate facial recognition comes as the technology continues to be deployed for a variety of semi-public applications.

Under the GDPR, biometric information is considered as “sensitive data,” meaning that its collection is prohibited unless individuals give explicit consent or the information has been made public. The European Data Protection Board (EDBP) intends to reclassify facial recognition data as “biometric data”.

The EC's plans are part of a larger effort to build an ethical and regulatory framework for artificial intelligence, and incoming EC President Ursula von der Leyen has a publicly stated goal of issuing AI-related regulations whithin her first 100 days in office. The official said that the effort is meant to "foster public trust and acceptance" in technology like facial recognition.

Sweden's national data protection authority launched an investigation earlier this year into a deployment of facial recognition to track school attendance.

Ethics Guidelines for Trustworthy AI  were published by the European Commission's High-Level Expert Group on AI in April.