Facial recognition applications
now link faces with other databases, allowing companies to identify anonymous
individuals and obtain their personal information without the consumer ever
knowing, thus raising privacy concerns.
In an effort to give companies
guidance and protect consumer privacy, the Federal Trade Commission (FTC)
released a pamphlet with Best Practices for Common Uses of Facial Recognition Technologies. The FTC urges facial
recognition developers to incorporate “privacy by design” into the technology
at every stage of development.
The FTC observes that facial
recognition “is quickly moving out of the realm of science fiction and into the
commercial marketplace.”
“In the most advanced
application, companies can use the technology to compare individuals’ facial
characteristics across different images in order to identify them,” the report
said. “In this application, an image of
an individual is matched with another image of the same individual. If the face in either of the two images is
identified—that is, the name of the individual is known—then, in addition to
being able to demonstrate a match between two faces, the technology can be used
to identify previously anonymous faces. This
is the use of facial recognition that potentially raises the most serious
privacy concerns because it can identify anonymous individuals in images.”
The FTC uses three examples to
demonstrate the issues with facial recognition technology. They are:
Facial Detection. An
eyeglass company allows consumers to upload their images on the company’s
website and then uses the facial detection to detect the face and eyes and
superimpose glasses. The company then
stores the image. The FTC notes that, under this scenario, the eyeglass company should take measures to protect the
security of the images to prevent unauthorized access. In addition, the company should dispose of
the images once they no longer are necessary and should also delete the images
if the consumer deletes her account. The
company also should notify the consumer if it uses the images for a different
purpose.
Digital Signs. Digital signs
in stores, bars, and other locations include hidden cameras that have the
ability to access the age range and gender of the consumer standing in front of
them. Using this information, the sign
then displays an advertisement targeted to those demographic
characteristics. The FTC’s best
practices would have the company secure the sign so that it could not be
hacked. The signs also should be placed
in non-sensitive areas and not where children congregate. The company should not store the
information. In addition, the FTC urges that
consumers be given notice that the technology is being used before the consumer
comes into the range of the sign.
Finally, if the company identifies the consumer by running the image
against a database of images identified by name, the company should first
obtain the consumer’s affirmative consent.
Online Social Networks. The
social network uses the technology to identify individuals in images that the
user uploads to find “friends” on the social network. The FTC recommends that this information be
encrypted and that users not be able to identify persons who are not their “friends”
on the network. The FTC also recommends that the social network not collect and store biometric data of non-users of
its service. The FTC further urges social networks to give clear notice—outside their privacy policy—about how
facial recognition is used on the network and what data it collects and provide users with “an
easy to find, meaningful choice not to have their biometric data collected and
used for facial recognition,” as well as “the ability to turn off the
feature at any time and delete any biometric data previous collected from their
tagged photos.”
The FTC states that if companies
abide by the best practices for facial recognition, they will “promote
consumer trust and ensure the continued growth” of the industry.