China on Tuesday launched a nationwide initiative to solicit public opinions on regulations specifically targeting facial recognition technology. This marks the first time that China has sought to establish comprehensive guidelines for the use of the technology at a national level.
The move comes as facial recognition technology has become increasingly prevalent in sectors including public security, finance and transportation. While the technology offers convenience and efficiency, concerns have been raised regarding its potential misuse and infringement on personal privacy.
The draft regulations, released by the Cyberspace Administration of China (CAC), are expected to strike a balance between promoting the development of facial recognition technology and safeguarding individuals' privacy. In order to regulate the application of facial recognition technology, protect personal information and other personal and property rights and interests, while also maintaining social order and public safety, the draft says its provisions are formulated in accordance with China's Network Security Law, the Data Security Law, the Personal Information Protection Law and other laws.
The regulations propose strict requirements for the collection, storage, and use of facial recognition data.
According to the draft regulations, organizations using facial recognition technology must obtain informed consent from individuals before collecting their facial data. They must also clearly state the purpose and scope of data collection, and ensure that the data is used solely for that stated purpose.
In addition to maintaining national security, public safety or protecting life, health and property safety of natural persons in emergency situations, or to obtain individual consent, no organization or individual may use facial recognition technology to analyze sensitive personal information such as race, ethnicity, religious belief, health status, social class, the draft says.
Additionally, organizations are required to establish strict data protection measures to prevent unauthorized access or leakage.
The draft says any entities or users which stock more than 10,000 facial recognition data sets should file with the cyberspace authorities at or above the municipal level within 30 working days.
The regulations also address concerns over the potential abuse of facial recognition technology.
Hotels, banks, railway stations, airports, sports venues, exhibition halls, museums, art galleries, libraries and other business venues, may not force, mislead and coerce individuals to accept face recognition technology to verify their personal identity, unless stipulated by law or administrative regulations that they should use facial recognition technology to verify personal identity.
Hotel rooms, public bathrooms, fitting rooms, toilets and other places that may infringe others' privacy shall not be installed with image acquisition and personal identification equipment.
In addition to legal conditions or individual consent, facial recognition technology users may not save face original images, pictures, videos, except anonymized facial information.
The draft states that to achieve the same purpose or to achieve the same business requirements, it should be preferred to using non-biometric feature recognition technology solutions.
The use of facial recognition technology to verify personal identity and identify specific natural persons is encouraged to prioritize the use of authoritative channels such as basic information relating to the national population basic information database and national network identity authentication public services.
The draft proposes that facial recognition technology users who process the data relating to minors under the age of 14 shall obtain the separate consent or written consent of the minors' parents or other guardians.
According to the draft, facial recognition technology users or related products, service providers in violation of this provision shall be given penalties for public security administration according to laws. If the case constitutes a crime, their criminal responsibility shall be investigated according to law.
Also, parties that violate these provisions and cause damage to others shall bear civil liability according to law.
The public consultation period for these regulations will last for one month, during which individuals and organizations are encouraged to provide feedback and suggestions. The CAC aims to gather a wide range of opinions to ensure that the regulations reflect the concerns and interests of the public.
China's initiative to seek public comment on facial recognition technology regulations demonstrates the government's commitment to addressing the ethical and privacy concerns associated with this technology. By involving the public in the decision-making process, China aims to create a regulatory framework that promotes the responsible and transparent use of facial recognition technology.
Once the public consultation period concludes, the CAC will review the feedback received and make necessary revisions to the draft regulations. The final version of the regulations is expected to be released in the near future.