
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
The Spanish Data Protection Agency (AEPD) banned the use of AI-based facial recognition for online exam proctoring, sanctioning universities such as Universitat Internacional Valenciana and VIU. The decision was driven by concerns over biometric data protection and a lack of enabling legislation for such AI systems.[AI generated]
Why's our monitor labelling this an incident or hazard?
The event clearly involves an AI system (facial recognition with AI) used in a way that has directly caused harm by violating data protection laws and individuals' rights to privacy and data security. The sanction by the AEPD confirms that the AI system's deployment led to an incident of unlawful processing of sensitive biometric data without valid consent or legal basis, which is a breach of fundamental rights under applicable law. Therefore, this qualifies as an AI Incident due to realized harm from the AI system's use. The discussion of possible future regulatory frameworks does not negate the current incident classification.[AI generated]