China’s internet regulator says tech should only be used when there is a specific purpose and protective measures in place.
China has released draft regulations to govern the country's facial recognition technology.
According to the Cyberspace Administration of China (CAC), the purpose is to "protect the rights and interests of personal information and other personal and property rights, and maintain social order and public safety" as outlined by a smattering of data security, personal information, and network laws.
The draft rules are open for comment until Sept. 7 and specify that facial recognition tech must be used only when there is a specific purpose and sufficient necessity, strict protection measures are taken, and only when non-biometric measures won't do.
The draft rules allow broad use of biometric data for the purpose of maintaining national security, including analysing personal information such as race, ethnicity and religious beliefs.
The document forbids the misuse of facial recognition technology by entities and in public spaces including banks, airports, hotels, sporting facilities, museums and libraries.
It makes requirements to obtain consent before processing face information, except for cases where it's not required, which presumably could apply to prisoners and to cases involving national security. Parental or guardian consent is required for individuals under the age of 14.
The draft did not specify the law’s requirements, but said businesses should not require people to use facial recognition to receive better services.
Building managers can't require its use to enter and exit property – they must provide alternative measures of verifying a personal identity for those who want it.
Furthermore, those using facial surveillance techniques must display reminder signs, and personal images along with identification information must also be kept confidential, and only anonymized data may be saved.
In addition, all entities currently using the technology in a public space, or those that have more than 10,000 facial recognition records stored, will be required to register with their local internet regulator within 30 working days.
They will have to state their purpose for using the technology, and how they are handling and protecting the data of individuals.
The draft comes amid growing concerns over privacy and the overuse of facial recognition technology in China.
As the SCMP report points out, this technology is used in China in a variety of places, from public toilets (to prevent the theft of toilet paper) to streets (to publicly shame people caught jaywalking), and to surveil Uygurs and other minority groups in the far western Xinjiang region.
China has a vast network of 200 million CCTV cameras installed across the country. That compares to 50 million in the United States, according to the latest data from computer security site Precise Security.
Sources: SCMP, CNBC, The Register
