Cameras are watching you in every European city. That is not a conspiracy theory. It is infrastructure. The question that matters in 2026 is not whether you are being observed but whether the systems watching you are making automated decisions about you, how accurate those decisions are, and what legal protections exist between an algorithm and your freedom.
The Technology Behind the Debate
To understand the surveillance conversation in Europe, you first need to understand what the technology actually does. Modern AI surveillance goes far beyond a camera recording footage that a human officer might later review.
Facial recognition technology (software that analyses the geometry of a face captured on camera and matches it against a database of known individuals) can identify people in real time in crowded public spaces. Gait recognition (systems that identify individuals by the way they walk, even when their face is obscured) is being developed and tested in several countries. Emotion recognition software (AI that claims to infer emotional states from facial expressions) has been marketed to schools, airports, and employers across Europe. Predictive policing algorithms (systems that use historical crime data to predict where crimes are likely to occur and sometimes who is likely to commit them) have been used by law enforcement agencies in multiple EU member states.
Each of these technologies shares a common characteristic. They make automated assessments about individuals, often without those individuals knowing they are being assessed, and those assessments can trigger real-world consequences including police attention, denial of access to services, or targeting for further investigation. The accuracy of these systems varies enormously and the potential for harm when they are wrong is significant.
What European Law Actually Says
Europe has taken a more structured approach to AI surveillance than any other major region in the world, largely through the combination of GDPR and the EU AI Act.
GDPR (General Data Protection Regulation, the EU’s comprehensive data privacy law) established that biometric data (physical or behavioural characteristics used to identify individuals, including facial geometry, fingerprints, and iris patterns) is a special category of sensitive personal data requiring explicit legal justification to collect and process. Processing biometric data for the purpose of uniquely identifying individuals in public spaces requires either explicit consent, which is impossible to obtain from an anonymous crowd, or a specific legal basis meeting very high standards.
The EU AI Act, which began its rollout in 2025, goes further by classifying real-time remote biometric identification systems (the technical term for AI that identifies people from cameras in live public spaces) as high-risk AI applications subject to strict regulation, with an almost complete ban on their use by public authorities in publicly accessible spaces. The word almost matters here. The Act permits limited exceptions for law enforcement in cases involving serious threats including terrorism, searching for missing children, and identifying suspects of specific serious crimes, subject to prior judicial authorisation.
This framework represents a clear European values choice. The default position is that real-time AI identification of individuals in public spaces is not acceptable. Exceptions are narrow, defined, and require oversight. The burden of justification falls on those who want to use the technology, not on citizens to justify why they should be left alone.
Three Cases That Show the Tension in Practice
France Experiments With Olympic Surveillance
During the Paris 2024 Olympics, France deployed AI-powered video surveillance systems across event venues and public transport networks. The system, authorised by a specific law passed ahead of the Games, used AI to analyse crowds and detect specific events such as abandoned objects, crowd movements suggesting crushes or panic, and unusual behaviour patterns. French authorities were careful to specify that the system did not use facial recognition and did not identify individuals.
The deployment was controversial. Privacy advocates including the French digital rights organisation La Quadrature du Net argued that the technology was a significant expansion of surveillance infrastructure that would outlast the Games and set precedents for normalising AI crowd monitoring in public spaces. Supporters pointed to the absence of serious security incidents at the events and argued the technology demonstrated that safety and privacy could coexist if clear limits were applied and maintained.
The French case illustrates the genuine complexity of the debate. A surveillance system that detects crowd crush risks without identifying individuals is doing something qualitatively different from one that identifies and tracks specific people. The line between those two uses is real but also moveable, and the infrastructure built for one can technically enable the other.
Germany’s Strict Constitutional Limits
Germany has some of Europe’s most restrictive legal frameworks around surveillance, rooted in a constitutional culture shaped by the memory of both Nazi and Stasi surveillance states. German courts have consistently interpreted the right to informational self-determination, a principle derived from the German Basic Law by the Federal Constitutional Court in 1983, as a strong limit on state surveillance powers.
Several German states have attempted to deploy AI-assisted surveillance tools in recent years and have faced significant legal challenges. A facial recognition pilot at Berlin’s Sรผdkreuz station was contested by privacy advocates and subjected to detailed scrutiny. The German Federal Constitutional Court has repeatedly signalled that dragnet surveillance approaches, including technologies that effectively monitor entire populations without individualised suspicion, face very high constitutional barriers regardless of any security benefits claimed.
For EU citizens thinking about where they want Europe’s AI surveillance culture to land, Germany’s constitutional framework offers one clear model. It is a model that prioritises individual dignity and the presumption of innocence with a seriousness that directly reflects historical experience with what surveillance states actually do when constraints are removed.
Latvia and the Baltic States Face a Specific Security Context
The security context in the Baltic states adds a dimension to the AI surveillance debate that Western European countries do not face with the same urgency. Latvia, Estonia, and Lithuania are NATO members sharing borders with Russia and Belarus, and their security services operate in an environment where hybrid warfare, including disinformation campaigns, cyberattacks, and the use of minority populations for political destabilisation, creates security challenges that are qualitatively different from the terrorism-focused context of most EU surveillance debates.
Baltic governments have deployed various digital monitoring and border surveillance tools that reflect this specific threat environment. The question of where legitimate security monitoring ends and rights-eroding surveillance begins is particularly charged in countries where the living memory of Soviet surveillance is not abstract history but a personal experience for millions of citizens and their parents.
This context does not override the legal framework set by GDPR and the EU AI Act. But it does mean that Baltic policymakers are navigating surveillance questions with a different set of pressures than their counterparts in Berlin or Paris. Finding the right balance requires taking both the rights framework and the genuine security context seriously rather than treating either as absolute.
Europe vs. China: The Sharpest Possible Contrast
No comparison makes the European values choice clearer than the contrast with China’s approach to AI surveillance. China has deployed the world’s most extensive facial recognition infrastructure, covering transportation hubs, residential areas, public spaces, and workplaces across the country. The system is integrated with a social credit framework that uses monitored behaviour to affect citizens’ access to services, travel, and economic opportunities.
Chinese authorities have used AI surveillance systems to track ethnic minority populations, particularly Uyghurs in Xinjiang, in ways that human rights organisations have described as constituting technological enablement of mass persecution. The data collected feeds into systems that can predict and pre-emptively act on perceived political dissent as well as criminal behaviour.
The EU AI Act explicitly identifies social scoring systems and real-time mass biometric surveillance as unacceptable risk AI applications, and its drafters were clearly aware of the Chinese model as an example of where unconstrained AI surveillance leads. The Act does not name China but the reference is unmistakable.
The comparison matters for European citizens because it shows that the choices made now about what AI surveillance is permitted in Europe are genuinely consequential for what kind of society Europe will be in twenty years. Technology that exists and is legal tends to expand in use over time. Constraints established clearly in law and constitutional culture tend to hold better than informal norms and voluntary restraints.
The Accuracy Problem Nobody Talks About Enough
Beyond the rights questions, there is a practical problem with AI surveillance that receives insufficient attention in public debate. These systems are not reliably accurate, and their error rates are not distributed equally across the population.
Multiple studies have found that commercial facial recognition systems perform significantly less accurately on women, older people, and people with darker skin tones compared to white male subjects. A system that misidentifies a white male suspect roughly 1% of the time may misidentify a Black woman 10 to 30 times more often depending on the system and context tested. When the consequence of a misidentification is a police stop, an arrest, or denial of entry to a venue, these differential error rates translate directly into differential harm to already marginalised groups.
This accuracy problem is not merely a technical issue to be fixed with better training data. It reflects the composition of the datasets the systems were trained on and the structural biases embedded in those datasets. The EU AI Act’s high-risk classification for biometric identification systems specifically requires bias testing and documentation of accuracy across different demographic groups. This is a meaningful requirement. But it only protects people if it is enforced rigorously and if the testing methodologies are robust enough to catch real-world performance failures.
Safety and Privacy Are Not Opposites
The framing of surveillance debates as a trade-off between safety and privacy is one of the most persistent and misleading ideas in technology policy. It suggests that we must choose how much freedom to sacrifice for how much security to gain, as if the two exist on a single scale where more of one means less of the other.
The evidence from Europe’s most effective security systems does not support this framing. Estonia’s approach to national security relies heavily on digital resilience, cyber defence, and intelligence cooperation rather than mass surveillance of its own population. Germany’s restrictive surveillance laws have not made it less safe than countries with more permissive frameworks. And the countries with the most extensive surveillance infrastructure are not demonstrably safer than those with the strongest privacy protections.
What extensive AI surveillance does demonstrably produce is a chilling effect on behaviour, where people modify what they say, where they go, and who they associate with because they know they are being watched. That change in behaviour is a cost to freedom even when no individual is ever directly harmed by a specific surveillance decision, and it is a cost that falls disproportionately on minorities, activists, journalists, and others whose behaviour is most likely to attract automated attention.
๐ฌ Here is the question worth sitting with: If a city you lived in offered to reduce street crime by 20% using AI surveillance cameras that tracked every person’s movements in public spaces without facial recognition, would you accept that trade-off? And does your answer change if the system could identify individuals as well as track behaviour? Tell us in the comments.
#AISurveillance #PrivacyRights #EUAIAct #FacialRecognition #DigitalRights
Leave a Reply