It has many applications in various fields, such as security, law enforcement, banking, education, and entertainment. However, it also raises some ethical and legal issues regarding privacy, consent, and discrimination.
China is one of the world's leaders in developing and deploying facial recognition technology. According to a report by the International Data Corporation (IDC), China accounted for 44.6% of the global facial recognition market in 2020, followed by the United States with 32.2%. China has used facial recognition technology for various purposes, such as tracking criminals, verifying identities, preventing fraud, monitoring traffic, and even dispensing toilet paper.
However, the widespread use of facial recognition technology in China has also sparked public and regulatory concerns about its potential misuse and abuse. Some examples of controversial cases include:
- In 2019, a Chinese professor sued a wildlife park for using facial recognition to scan his face without his consent and replacing his existing fingerprint-based entry card.
- In 2020, a Chinese woman filed a lawsuit against a shopping mall for using facial recognition to capture her image without her permission and displaying it on a large screen along with her personal information.
- In 2021, a Chinese court ruled that a zoo had violated a visitor's privacy rights by using facial recognition to identify him and deduct money from his online payment account without his authorization.
In response to these incidents and growing public awareness of the risks of facial recognition technology, China's cyberspace regulator, the Cyberspace Administration of China (CAC), issued draft rules on August 8, 2023 to oversee the security management of facial recognition technology in the country.
The draft rules aim to regulate the collection, storage, use, and sharing of facial information by individuals and organizations that provide or use facial recognition technology. The main points of the draft rules are:
- Facial recognition technology can only be used to process facial information when there is a specific purpose and sufficient necessity, and with strict protective measures.
- The use of facial recognition technology requires the individual's consent, which can be expressed explicitly or implicitly. Explicit consent means that the individual agrees to provide or use facial information after being informed of the purpose, method, scope, and consequences of doing so. Implicit consent means that the individual voluntarily provides or uses facial information after being clearly notified of the option to refuse or withdraw consent.
- Non-biometric identification solutions should be favored over facial recognition in cases where such methods are equally effective.
- Image-capturing and personal identification devices should not be installed in hotel rooms, public bathrooms, changing rooms, toilets, and other places that may infringe upon others' privacy.
- Image-capturing devices should be installed in public places for only public safety purposes and with prominent warning signs next to them.
- Individuals and organizations that provide or use facial recognition technology should establish and implement security management systems, conduct regular risk assessments, adopt encryption and anonymization techniques, and report any security incidents or breaches to the relevant authorities.
- Individuals have the right to access, correct, delete, or withdraw their facial information from any individuals or organizations that provide or use facial recognition technology. They also have the right to file complaints or lawsuits against any violations of their rights or interests.
The draft rules are open for public consultation until September 7, 2023. The CAC said that it welcomes feedback from all sectors of society to improve the draft rules and ensure the lawful and orderly development of facial recognition technology in China.
The draft rules are part of China's effort to tighten data regulation by issuing an array of rules and laws in recent years. Most notably, China introduced its first law focusing on user privacy, the Personal Information Protection Law (PIPL), in 2021 in a bid to rein in companies' overuse of user data. The PIPL stipulates that personal information processors must obtain user consent before collecting, processing, or transferring personal data. It also grants users the right to access, correct, delete, or withdraw their personal data from any personal information processors.
The draft rules on facial recognition technology are expected to complement the PIPL and provide more specific guidance on how to protect user privacy and security in relation to biometric identification. However, some experts have pointed out that there are still some challenges and uncertainties in implementing and enforcing the draft rules. For example:
- How to define and measure the necessity and effectiveness of using facial recognition technology in different scenarios?
- How to ensure that users are fully informed and aware of their rights and options when giving or withdrawing consent?
- How to balance the interests and responsibilities of different stakeholders involved in providing or using facial recognition technology?
- How to deal with cross-border data transfers and international cooperation on facial recognition technology?
These questions will require further clarification and discussion among the regulators, the industry, the academia, and the public before the draft rules can become official and operational. The draft rules are a positive step towards addressing the ethical and legal issues of facial recognition technology in China, but they are not the final solution. As facial recognition technology continues to evolve and expand, so should the rules and regulations that govern it..
Source: