A live demonstration uses artificial intelligence and facial recognition in Las Vegas | David McNew/AFP via Getty Images Europe eyes stricter rules on facial recognition Under new legal guidance, companies and agencies will need explicit consent to use the technology.

Europe's privacy watchdogs are looking to tighten restrictions on the use of facial recognition in a shift that could limit how governments and large companies use the technology.

Police and security forces across the EU increasingly resort to facial recognition to scan crowds for threats, with use cases popping up in Berlin, Copenhagen and on the streets of U.K. cities.

Tech companies are also big users, as Facebook automatically scans profiles to match photographs against users who have provided consent and Apple uses face-scanning to unlock phones.

But as the technology becomes more widespread, it's also growing more controversial. Amid reports of unbridled public surveillance in China, data protection activists around Europe argue that scanning faces without explicit consent amounts to a violation of the bloc's sweeping privacy law, the General Data Protection Regulation.

Now a group of European privacy watchdogs is set to lend them support. According to representatives from two national authorities who spoke to POLITICO on the condition of anonymity, watchdogs discussed new guidelines on Tuesday at a joint meeting in Brussels that would effectively tighten restrictions around the use of facial recognition technology.

In particular, the watchdogs are looking to reclassify facial recognition data as "biometric data," which under the GDPR is considered "sensitive data" and requires explicit consent from the person whose data is being collected as well as other stricter privacy protections. Without these, collection of the data is forbidden.

The draft change, which coincides with a warning about police use of face-scanning by U.K. privacy watchdog Elizabeth Denham, has a potentially far-reaching impact for governments and private corporations, namely Silicon Valley companies that are subject to the GDPR when they collect data on Europeans.

If national data protection authorities endorse the draft guidelines and start to police facial recognition more closely, use of the technology could be severely curtailed. Current methods to alert the public that they are under video surveillance, typically the display of a prominent sign, would not rise to the standard of "explicit consent" required for collecting biometric data.

Facebook tagging in crosshairs

The guidelines come as debate about police use of facial recognition reaches a fever pitch in the United Kingdom.

On Tuesday, Information Commissioner Denham stated in a blogpost she is "deeply concerned" about police use of facial recognition, and that "there were still significant privacy and data protection issues that must be addressed" amid an ongoing investigation of police trials by her office.

"I believe that there needs to be demonstrable evidence that the technology is necessary, proportionate and effective considering the invasiveness of LFR," meaning live facial recognition, she added.

Any change in the way EU data protection watchdogs police biometric data is also likely to have an immediate impact on big tech firms, namely Facebook. Early last year, following a ban on mass-scanning of profile pages in the EU, the social network reintroduced automatic scanning of profile pictures while asking users for consent to be tagged thanks to facial recognition technology.

At the time, privacy activists argued that the consent was not valid because even users who opted out would have their biometric data scanned. The Irish Data Protection agency — Facebook's lead regulator within the EU — sought guidance from other European agencies.

A spokesman for Facebook declined to comment.

"We'll get the right level of consent to use facial recognition going forward," Stephen Deadman, Facebook's global deputy chief privacy officer, said in an interview last year in reference to the technology's rollout in Europe.

The guidelines are expected to go through a public consultation process before being finalized by the watchdogs.

A spokesperson for the European Data Protection Board, the pan-EU group of privacy regulators, declined to comment.

Janosch Delcker contributed reporting from Berlin.