Vision for effective face biometrics regulation presented in World Privacy Forum paper
The way to mitigate risks to privacy and other rights from biometric facial recognition systems is to enact regulator-approved codes of conduct and restricted use regulations for the technology, rather than relying on limited legislative controls and outright bans, according to a new discussion paper from the World Privacy Forum. Bans with regular reviews may also be part of a robust risk-mitigation strategy, according to the new 9-page paper on ‘Face Recognition Systems: Expanding solutions by using time-tested safety models to address face recognition risks.’
The central ideas expressed in the paper were also presented during ID4Africa’s ‘Spotlight on Face Recognition’ webinar, and are based on the observation that many materials and technologies pose safety risks, but are used in countries around the world in accordance with carefully crafted protections. Some of those protections can also be applied to face biometrics. The result would be more of what World Privacy Forum Executive Director Pam Dixon calls a “matured solution continuum for face recognition.”
The important point, Dixon writes, is that a more compete toolset can be used to mitigate risk from facial biometrics, and perhaps other modalities, “in a more systematic, data-driven, effective, and non-adversarial manner.”
Concerns have been frequently expressed in various communities about the potential of face recognition to be used to undermine rights such as to privacy or free assembly, but also the uneven performance of many algorithms for different demographics, or “bias.”
The paper suggests that existing best practice guides, such as the Biometrics Institute’s ‘Ethical Principles for Biometrics’, can be used to create practical codes of conduct for implementation and enforcement. Data Protection Authorities and other regulators may find work in this area fruitful, the paper advises.
Regulatory models in other areas, such as dangerous chemicals, do include bans, but they are not ad hoc or political, according to the World Privacy Forum. Instead, they are arrived at through multi-stakeholder consultations and by reference to established science. Such regulations are in place nationally, but also monitored by international institutions, such as the World Health Organization.
The paper goes on to discuss several models for chemicals regulation from around the world.
Both more best practices and more bans would be ineffective in the long term, and even the middle term, the paper concludes. Instead, controls that apply to the lifecycle of biometric face recognition systems must be established, and regulations should take the full ecosystem of data and biometrics into account.