[IDG] Web companies using facial recognition technology should avoid identifying anonymous images of consumers to someone who could not otherwise identify them, unless the companies have the consumers’ consent, a U.S. Federal Trade Commission report said.Companies using facial recognition software should also obtain consumer consent before using images or any biometric data in a different way than they originally represented when they collected the data, the FTC said in guidelines for the use of facial recognition software released Monday.
http://www.pcworld.com/article/2012826/ftc-companies-should-limit-facial-recognition-in-some-cases.htmlAlso see:FTC Recommends Best Practices for Companies That Use Facial Recognition Technologies [news release]
The Federal Trade Commission today released a staff report “Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies” for the increasing number of companies using facial recognition technologies, to help them protect consumers’ privacy as they use the technologies to create innovative new commercial products and services.Facial recognition technologies have been adopted in a variety of contexts, ranging from online social networks and mobile apps to digital signs, the FTC staff report states. They have a number of potential uses, such as determining an individual’s age range and gender in order to deliver targeted advertising; assessing viewers’ emotions to see if they are engaged in a video game or a movie; or matching faces and identifying anonymous individuals in images.Facial recognition also has raised a variety of privacy concerns because – for example – it holds the prospect of identifying anonymous individuals in public, and because the data collected may be susceptible to security breaches and hacking.”Fortunately, the commercial use of facial recognition technologies is still young. This creates a unique opportunity to ensure that as this industry grows, it does so in a way that respects the privacy interests of consumers while preserving the beneficial uses the technology has to offer,” the FTC staff report states.The FTC staff report recommends that companies using facial recognition technologies:
- design their services with consumer privacy in mind;
- develop reasonable security protections for the information they collect, and sound methods for determining when to keep information and when to dispose of it;
- consider the sensitivity of information when developing their facial recognition products and services – for example, digital signs using facial recognition technologies should not be set up in places where children congregate.
The staff report also recommends that companies take steps to make sure consumers are aware of facial recognition technologies when they come in contact with them, and that they have a choice as to whether data about them is collected. So, for example, if a company is using digital signs to determine the demographic features of passersby, such as age or gender, they should provide clear notice to consumers that the technology is in use before consumers come into contact with the signs.In another example cited in the report, FTC staff recommends that social networks using facial recognition features should provide consumers with clear notice about how the feature works, what data it collects, and how that data will be used. They also should provide consumers with an easy to use choice not to have their biometric data collected and used for facial recognition, and the ability to turn the feature off at any time and have the biometric data previously collected from their photos permanently deleted.Finally, the report states, there are at least two scenarios in which companies should get consumers’ affirmative consent before collecting or using biometric data from facial images. First, they should obtain consent before using consumers’ images or any biometric data in a different way than they represented when they collected the data. Second, companies should not use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify him or her, without obtaining the consumer’s affirmative consent first.The report follows the Commission’s December 8, 2011, workshop, “Face Facts: A
Forum on Facial Recognition Technology,” which addressed a variety of current and potential future uses of facial recognition technologies and the privacy and security issues they raise, and more than 80 comments that were filed with the agency following the workshop. It also builds on the three core principles outlined in the Commission’s March 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change”: privacy by design, simplified consumer choice, and transparency.”The recommended best practices contained in this report are intended to provide guidance to commercial entities that are using or plan to use facial recognition technologies in their products and services. However, to the extent the recommended best practices go beyond existing legal requirements, they are not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC. If companies consider the issues of privacy by design, meaningful choice, and transparency at this early stage, it will help ensure that this industry develops in a way that encourages companies to offer innovative new benefits to consumers and respect their privacy interests,” the report states.The Commission vote to release the staff report was 4-1, with Commissioner J. Thomas Rosch issuing a separate, dissenting statement.