Face biometrics legal landscape shifting with restrictions in China, police guidance in UK
Tianjin, a city of more than 12 million in Northern China, has passed a set of new local rules largely prohibiting biometric data collection by private entities, Caixin Global reports.
The ban, which comes in the form of new social credit regulations, applies to credit service providers and industry associations, and takes effect January 1, 2021. Other personal data, including religious beliefs, blood type and medical history is also protected. Companies will be able to collect personal data with the subject’s consent, according to SupChina, though other reports seem to indicate that face, fingerprint, and voice biometric data will still be off-limits.
New York-based SupChina reports that public attention to private sector biometrics use has come to a head with a viral video of a man wearing a motorcycle helmet to avoid being identified by facial recognition at a real estate exhibition.
Costa Rica considers national biometric database
Costa Rica’s legislature is considering a bill to establish a national biometric database, which would include all citizens above 12 years old, as well as foreign residents and those visiting on visas, The Tico Times writes.
The registration of Costa Ricans would be carried out by the Supreme Electoral Tribunal, while the General Directorate of Migration and Foreigners would be responsible for adding foreigners’ data to the same repository when issuing identification documents.
Police from the Ministry of Public Security, the Public Ministry and the General Directorate of Migration and Immigration will have access to the database, referred to as the Unique Biometric identification Repository, if the law passes, along with Judicial investigators. The mechanisms for their queries are to be worked out with the Electoral Tribunal.
The Supreme Electoral Tribunal’s National Platform for Biometric Identification will also be made available for identity verification by various public and private sector institutions, according to the bill. The bill also authorizes funding for the platform. Informed consent, as stipulated in Costa Rica’s data protection law, will not apply to the national biometric platform.
The bill would also block the government from allocating any resources to any separate biometric platform or database, though it exempts some law enforcement agencies from that limitation.
Europe’s regulatory landscape still offers facial recognition startup opportunities
Meanwhile, the status of facial recognition in the EU under GDPR, and what companies can and cannot do with the technology, is examined by EU-Startups.com.
The publication notes that new forms of “selfie payment” are on the horizon, and points out that facial recognition has been applied successfully, and seemingly in accordance with GDPR, in healthcare, for patient identification, and security and law enforcement. EU-Startups also mentions KYC for retailers and others as the area which may hold the most potential, but describes the application in terms of in-person shopping, as opposed to remote user onboarding.
Key concepts to keep in mind, the report says, include proportionality and the difference between authentication and identification, but it also warns that the regulation is likely to change, based on the European Commission’s deliberations.
Indian police decline to share information on deployments
In India, the Internet Freedom Foundation’s (IFF’s) Project Panoptic continues to make waves, with police departments in Delhi and Kolkata claiming they are exempt from any requirements to share the data requested by the rights organization, according to its latest update.
Delhi Police referred to a clause in the Right to Information Act that applies to the disclosure of information “which would harm the competitive position of a third party,” while Kolkata Police referred to a different clause in the act, identifying itself among “certain organisations (sic)” exempt from the act.
Telangana State Election Commission told IFF that it has no plans to improve the 80 percent accuracy rate achieved by its facial recognition system for verifying the identity of voters in a mobile app.
UK Commissioner issues new guidance
UK Surveillance Camera Commissioner Tony Porter has issued guidance for police in the country on the use of Live (or real-time) Facial Recognition (LFR).
The 72-page guidance document, titled ‘Facing the Camera’, has been issued to all police forces in English and Wales, according to the announcement. It represents the first guidance issued since the ruling against the legality of LFR’s use by South Wales Police.
The report urges forces to seek legal guidance before establishing programs with real-time, public-facing facial recognition, which is one of the ‘golden threads’ of the document, along with the importance of safeguards on the exercise of police discretion, along with “equality, transparency and accountability for decision making” and “publicly accessible policies.” Sections cover human rights and applicable laws, governance concepts and processes, the integrity of evidence produced with the biometric technology, and public engagement.
“Over the 7 years I have been Commissioner I have continually said that the police should be able to use technology to keep us safe and secure but this must be balanced against our civil liberties and the law,” Porter said. He also referred to the decision by the High Court on the use of the technology by South Wales Police, and continued, “The guidance I’ve issued today will help forces who want to use LFR identify how to do so in accordance with the current legal framework.”
“Where there is a proportionate need to deploy intrusive technology, it is right that the police have the guidance to do that – Facing the Camera will go some way to help them before decisions are made to deploy.”