China Proposes Regulations Requiring 'Personal Consent' for Facial Recognition Implementation
China's Extensive Facial Recognition Use Faces Regulatory Reforms amid Privacy Concerns
China's rapid integration of facial recognition technology into various aspects of daily life has garnered both admiration for its convenience and criticism over privacy apprehensions. The widespread adoption of this technology has also fueled a surge in valuations for specialized companies like AI giants SenseTime and Megvii.
Now, the industry confronts potential transformative changes as Beijing intensifies its efforts to establish clearer boundaries for the application of facial recognition. This initiative builds upon the implementation of significant tech regulations introduced in recent years, which focused on cybersecurity, data security, and privacy safeguarding.
On Tuesday, the Cyberspace Administration of China (CAC), the country's top internet overseer, revealed a set of proposed measures aimed at governing the deployment of facial recognition technology. This technology has found extensive use in both public and private sectors, spanning from facial scans for payment authentication in supermarkets to identity verification processes at airport boarding gates – a practice increasingly common not only in China but also across the United States.
Critics have raised alarms about privacy and potential bias inherent in facial recognition usage. Concerns have been voiced over instances where residential complexes have made facial scans the sole means of building access. Additionally, there are worries about algorithm accuracy and fairness, particularly when it comes to recognizing faces of minority groups, potentially leading to unjust targeting.
The proposed measures seemingly aim to grant individuals greater rights to opt out of facial recognition under specific circumstances; however, these provisions do come with certain limitations.
The application of facial recognition is to be confined to "explicit purposes and genuine necessity," necessitating individual consent or written authorization according to the draft regulations.
The rules underscore the need for conspicuous signage in public spaces where facial recognition is employed. Establishments like hotels, airports, and museums are prohibited from compelling individuals to undergo facial scans for reasons such as "business operations" or "service enhancements." Furthermore, facial recognition cannot be the sole means of building entry.
When gathering facial biometric data from individuals under 14 years old, consent from their parents or legal guardians is obligatory.
Entities, both corporate and individual, will incur heightened operational expenses for utilizing facial recognition technology. Organizations possessing facial data of over 10,000 individuals must register with a local branch of the CAC. The filing must elucidate the purpose of data collection and outline data protection strategies. Without individual authorization, data collectors are barred from retaining facial images in their original resolution.
If effectively enforced, these proposed measures possess the potential to bolster security within an industry that has hitherto operated with relatively lax regulations and diminish the risk of mishandling sensitive data. China has borne witness to several significant breaches of biometric data in recent years, jeopardizing the confidential information of millions.
Despite these changes, China's employment of facial recognition systems to identify individuals' ethnicities, particularly concerning the Uyghur community, remains unchanged under the new regulations. The proposed measures dictate that any entity or individual must refrain from utilizing facial recognition technology to construct profiles based on attributes like race, ethnicity, religion, health, social status, or other sensitive details, unless deemed necessary for reasons including national and public security.