-

IRIS must ensure: Explicit, informed consent Secure storage and encryption Access logging and auditability Human oversight of alerts Transparency to users Bias monitoring and mitigation Failure to meet these could lead to regulatory penalties and ethical harm.

Informed consent, transparency, explainability • Bias monitoring & fairness • Data security, breach reporting • Accountability, technical documentation, human oversight

Ensure the data is not going anywhere to third party organisations

Secure storage, restricted access, and transparency are essential to prevent misuse. Ongoing bias testing and system monitoring protect fairness. Ethical governance ensures safety benefits do not compromise user rights.

Obtain explicit informed consent Ensure transparency on data use Implement strong encryption and secure storage Limit access to authorized personnel only Conduct regular data protection and security audits

When collecting real-time facial and behavioural data to detect driver drowsiness, organisations must ensure a clear lawful basis for processing and, where biometric or health data is involved, meet the additional conditions for special category data. Drivers must be transparently informed about what data is collected, how it is used, and for what purpose, and monitoring must not be covert or excessive. Strong technical and organisational security measures, including encryption, access controls, and minimal retention, are required to protect sensitive data and prevent breaches. Clear governance rules must prohibit secondary use or profiling beyond fatigue detection, reducing the risk of data misuse. Finally, systems must ensure fairness, avoid discriminatory impacts, provide human oversight, and comply with any applicable high-risk AI obligations under the EU AI Act.

You cannot let the AI be the final judge of a driver’s employment status. IRIS must be designed to allow natural persons to oversee its operation.

Making clear how facial recognition data is collected and how it is stored (eg for future training datasets). Also, not sharing this data for different purposes

Beyond core GDPR and EU AI Act compliance, IRIS must also address: Security obligations: strong encryption, access control, and breach notification procedures. Transparency obligations: clear explanations of data use, automated processing, and system limitations. Human oversight: mechanisms allowing drivers to challenge or override alerts. Bias monitoring and mitigation: continuous auditing to detect disparate impacts across demographic groups. Post-market monitoring: tracking real-world performance and harm incidents. Ethically, these measures demonstrate respect for user autonomy, fairness, and dignity, while legally they reduce exposure to enforcement actions and liability.

You need to get a clear consent from drivers, tell them how the data is being used and keep the data safe. Only collect what’s necessary

Collecting real-time facial and behavioral data for driver drowsiness detection involves, at minimum, compliance with stringent data protection laws and ethical considerations regarding privacy, surveillance, and fairness.

Shiii idk

Security: Encrypt data in storage and transit. Access control: Restrict to authorized personnel only. Transparency: Inform drivers about data collection, processing, and rights. Bias mitigation: Ensure datasets are demographically diverse. Human oversight: Allow drivers to override alerts. Audit & accountability: Keep logs for regulatory compliance and post-market review. Minimize retention: Do not store incidental non-driver data.

Informed consent, data minimization, transparency, purpose limitation, data anonymization/pseudonymization, regular security audits, and accountability

Make laws where Seperate it from data collecting entities (i.e. Gen AI Companies, Big Tech)

The drivers must be aware and should have access to their data when they please - especially to delete it if they want.