U.S. Congress moves to regulate facial recognition technology
The Commercial Facial Recognition Privacy Act has been introduced in the U.S. Senate with bipartisan sponsorship from Senators Brian Schatz (D-HI) and Roy Blunt (R-MO), in the first major move for federal regulation of biometrics technology in the country. The act would require third-party testing for any technology introduced into the market to ensure it meets standards for accuracy and bias, and also require businesses to inform consumers about their use of facial biometrics and obtain their consent.
“Our faces are our identities. They’re personal. So the responsibility is on companies to ask people for their permission before they track and analyze their faces,” said Senator Schatz in an announcement. “Our bill makes sure that people are given the information and – more importantly – the control over how their data is shared with companies using facial recognition technology.”
Schatz is the Ranking Member of the Senate Subcommittee on Communications, Technology, Innovation, and the Internet.
The Senators express concern in the announcement that the public is largely unaware of the growing prevalence of facial recognition (FR) technology, and the disclosure of personally identifiable information with third parties. The bill would also require consent for redistributing or disseminating facial recognition data, and clearly defines data controllers and data processors to make their requirements clear. Facial recognition providers would also have to meet standards for data security, minimization, and retention, which would be determined by the Federal Trade Commission (FTC) and NIST.
“Consumers are increasingly concerned about how their data is being collected and used, including data collected through facial recognition technology,” comments Blunt. “That’s why we need guardrails to ensure that, as this technology continues to develop, it is implemented responsibly. This bill increases transparency and consumer choice by requiring individuals to give informed consent before commercial entities can collect and share data gathered through FR. This legislation is an important step toward protecting privacy and empowering consumers, and I encourage all of my colleagues to support it.”
The bill is supported by Microsoft President Brad Smith, who has been among many people calling for government regulation at the federal level, beginning with a July blog post.
“Facial recognition technology creates many new benefits for society and should continue to be developed,” Smith says in the announcement. “Its use, however, needs to be regulated to protect against acts of bias and discrimination, preserve consumer privacy, and uphold our basic democratic freedoms.”
“The Commercial Facial Recognition Privacy Act recognizes that face recognition is a powerful and invasive new technology,” said Chris Calabrese, Vice President for Policy at the Center for Democracy & Technology. “We deserve clear rules and limits on how our faces can be analyzed, identified, and tracked over time. While face recognition is improving rapidly, we must ensure these technologies are assessed for accuracy and bias. This bipartisan proposal will help all Americans know more about how businesses are deploying and using face recognition technologies.”
Washington’s State Senate recently took matters into its own hands by passing a state-level regulatory bill similar to Illinois’ BIPA. At the federal level, DHS is also facing a bi-partisan call from senators to pause its roll-out of the facial recognition-based Biometric Entry/Exit program.