It’s not new that Facial Recognition does work: London had built an extensive security apparatus around that in recent years. There is also no question that the technology itself has become very reliable, but what’s new is that it has made its way to consumer products and service at a rate never seen before. Recently, Facebook has added facial recognition to automatically “tag” photos, which created more notifications, which ultimately create more user interaction and page views.
Recent smartphones like the Samsung Galaxy Note 2 also has the ability to recognize people so that it’s faster to email/send them photos. Android devices can now auto-unlock using facial features (it works with photos too, so it’s not secure). But the point is that facial recognition is quickly becoming a technological commodity, which means that facial data may soon be readily available — which begs the question: how much control do you have over your facial recognition data? That’s why the FTC has stepped in with recommendations about how facial data should be collected, protected and used.
- design their services with consumer privacy in mind;
- develop reasonable security protections for the information they collect, and sound methods for determining when to keep information and when to dispose of it;
- consider the sensitivity of information when developing their facial recognition products and services – for example, digital signs using facial recognition technologies should not be set up in places where children congregate.
This is only the beginning, and while facial recognition can be used for many things that don’t really affect privacy (like gender-recognition for retail advertising), consumers should be made aware (and consent) that their biometric facial data is being collected and used. Users should be able to easily opt-out as well.
For instance, the FTC doesn’t recommend using the data for another purpose than the one presented to the user during acquisition. For example, a company shouldn’t ask for your facial data to “sort your personal photos”, then go and scrape every photo of you on the Internet or another site. Also, the FTC says that your data should not be used to help others find images of you.
What do you think? Is the FTC going far enough or do you have recommendations of your own?