The Federal Trade Commission issued a report called "Facing Facts: Best Practices for Common Uses of Facial Recognition Technology," which provides privacy and security suggestions for companies that use or plan to use facial recognition technology. The report notes that the commercial use of facial recognition technologies is still young and that this creates a unique opportunity to encourage companies to protect consumers' privacy as they develop facial recognition products and services.
Facial recognition technologies have been adopted in a variety of contexts, ranging from online social networks and mobile apps to digital signs. According to the FTC's report, they have a number of potential uses, such as determining an individual's age range and gender in order to deliver targeted advertising; assessing viewers' emotions to see whether they are engaged in a video game or a movie; or matching faces and identifying anonymous individuals in images. These technologies also pose privacy challenges, including the ability to identify anonymous individuals in public and a susceptibility to security breaches and hacking.
The FTC staff report recommends that companies using facial recognition technologies:
Design their services with consumer privacy in mind.
Develop reasonable security protections for the information they collect, and establish appropriate retention and disposal practices for consumers' biometric information and images they collect.
Consider the sensitivity of information when developing their facial recognition products and services - for example, companies should consider carefully where to place digital signs equipped with cameras and avoid placing them in sensitive areas such as bathrooms, locker rooms, health care facilities, or places where children congregate.
Obtain affirmative express consent (1) before using consumers' images or any biometric data in a different way than they represented when they collected the data and (2) before identifying anonymous images of a consumer to someone who could not otherwise identify him or her. The FTC provided the example of a mobile app that allows users to identify strangers in public places, such as on the street or in a bar. If such an app were to exist, a stranger could surreptitiously use the camera on a mobile phone to take a photo of an individual who is walking to work or meeting a friend for a drink and learn that individual's identity - and possibly more information, such as his or her address - without the individual even being aware that his or her photo was taken. Given the significant privacy and safety risks that such an app would raise, only consumers who have affirmatively chosen to participate in such a system should be identified.
The report states that to the extent the recommended best practices go beyond existing legal requirements, they are not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC.
For more information about the content of this alert, please contact Ieuan Jolly or Thomas Jirgal.
Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.