Privacy Principles for Responsible Use of
Facial Recognition Technology (FRT)
The Privacy Principles for Facial Recognition Technology (FRT) have been designed to encourage responsible data practices by businesses and online platforms that develop and utilize FRT in commercial settings. These principles encompass the following key aspects:
1.Consent: Enterprises should obtain clear and affirmative consent when enrolling individuals in programs that utilize FRT for verification or identification purposes, especially when sharing such data with third parties who wouldn’t otherwise know the individual’s identity.
2.Use: Businesses should commit to collecting, using, and sharing facial recognition data in ways that align with reasonable consumer expectations for the context in which the data was originally collected.
3.Transparency: Enterprises must provide consumers with meaningful information about how facial recognition software templates are created and how such data will be used, stored, shared, maintained, and eventually disposed of.
4.Data Security: Robust data security measures should be in place, designed to protect personal information against risks like unauthorized access, unintended disclosure, or inappropriate use. These safeguards should match the sensitivity of the information.
5.Privacy by Design: In addition to policy, legal, and administrative measures, businesses should implement technical controls that support or enforce compliance with these principles.
6.Integrity and Access: Measures should be taken to maintain the accuracy of facial recognition data. Individuals should have the opportunity to review, request correction of inaccurate identity labeling, and request the deletion of their facial recognition data.
7.Accountability: Enterprises are responsible for ensuring that their use of FRT and data, whether conducted internally or in partnership with third-party service providers or business partners, aligns with these principles.
1.Consent: Enterprises should obtain clear and affirmative consent when enrolling individuals in programs that utilize FRT for verification or identification purposes, especially when sharing such data with third parties who wouldn’t otherwise know the individual’s identity.
2.Use: Businesses should commit to collecting, using, and sharing facial recognition data in ways that align with reasonable consumer expectations for the context in which the data was originally collected.
3.Transparency: Enterprises must provide consumers with meaningful information about how facial recognition software templates are created and how such data will be used, stored, shared, maintained, and eventually disposed of.
4.Data Security: Robust data security measures should be in place, designed to protect personal information against risks like unauthorized access, unintended disclosure, or inappropriate use. These safeguards should match the sensitivity of the information.
5.Privacy by Design: In addition to policy, legal, and administrative measures, businesses should implement technical controls that support or enforce compliance with these principles.
6.Integrity and Access: Measures should be taken to maintain the accuracy of facial recognition data. Individuals should have the opportunity to review, request correction of inaccurate identity labeling, and request the deletion of their facial recognition data.
7.Accountability: Enterprises are responsible for ensuring that their use of FRT and data, whether conducted internally or in partnership with third-party service providers or business partners, aligns with these principles.