FTC Issues Facial Recognition Use Guide

Best Privacy Practices for Facial Recognition Technology Use
FTC Issues Facial Recognition Use Guide

Imagine sitting in a bar as a stranger snaps a photo of you, and then uses that image to find out who you are, employing facial recognition technology on a social network. It's the type of practice that the staff of the U.S. Federal Trade Commission wants to discourage.

See Also: Managing Digital Risk and Compliance in Financial Services

The FTC on Oct. 22 issued a report entitled Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies, as a reminder to businesses and other organizations to protect consumer privacy as they utilize the biometric technology to invent innovative commercial products and services.

Sen. Jay Rockefeller, the West Virginia Democrat who chairs the Senate Commerce, Science and Transportation Committee, hints in a statement that Congress could take action should businesses abuse facial recognition technologies to harm consumers' privacy protections, especially online.

"The FTC report highlights these potential dangers, such as specifically recognizing and tagging otherwise anonymous people in photographs, and gives companies practical advice on how to use facial recognition technologies," Rockefeller says. "I hope companies will heed this advice and implement best practices that place a premium on consumer privacy, especially protecting the basic privacy of individuals who haven't even consented to the company's use of facial recognition. ... I fully intend to monitor how facial recognition technologies are increasingly adopted and used as a commercial practice."

Among the FTC's recommendation is that companies using the technology should:

  • Design services with consumer privacy in mind;
  • Develop reasonable security protections for the information they collect, and sound methods for determining when to keep information and when to dispose of it;
  • Consider the sensitivity of information when developing their facial recognition products and services - for example, digital signs using facial recognition technologies should not be set up in places where children congregate.

Giving Consumers a Choice

According to the report, companies should take steps to ensure consumers are aware of facial recognition technologies when they come in contact with them, and that they have a choice as to whether information about them is collected. The FTC provides the following example: If a company uses digital signs to determine the demographic features of passersby, such as age or gender, they should provide clear notice to consumers that the technology is in use before consumers come into contact with the signs.

In a different circumstance, FTC recommends that social networks using facial recognition features should provide consumers with clear notice about how the feature works, what data it collects and how that data will be used. Consumers also should be provided with an easy to use choice not to have their biometric data collected and used for facial recognition. Consumers should have the ability to turn the feature off at any time and have the biometric data previously collected from their photos permanently deleted.

The FTC also identifies at least two scenarios in which companies should get consumers' affirmative consent before collecting or using biometric data from facial images. First, they should obtain consent before using consumers' images or any biometric information in a different way than they represented when they collected the data. Second, companies should not use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify him or her, without obtaining the consumer's affirmative consent first, such as the unwitting bar patron whose image was surreptitiously photographed.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.