Canadian Privacy Commissioner says facial recognition risks not addressed in proposed law
Canada needs new regulation for facial recognition beyond the proposed update to private-sector privacy laws, according to Privacy Commissioner Daniel Therrien, who is calling for significant amendments to the legislation.
In a meeting of Canadian Parliament’s Standing Committee on Access to Information, Privacy and Ethics (ETHI) this week on the use and impact of facial recognition technology, Therrien criticized Bill C-11, the Consumer Privacy Protection Act (CPPA), as inadequate. He says CPPA adds business interests for consideration without adding any consideration of the effects on privacy introduced by new technologies.
A ruling against Clearview earlier this year prompted Therrien and Provincial Privacy Commissioners to call for stronger enforcement powers, and in his latest presentation Therrien expressed dissatisfaction with the company’s efforts to comply with Canadian law, saying it refused to delete Canadian’s photos.
“The Clearview case demonstrates how citizens are vulnerable to mass surveillance, facilitated by the use of facial recognition technology,” Therrien told the committee. “This is not the kind of society we want to live in. The freedom to live and develop free from surveillance is a fundamental human right.”
He also said that privacy is a precondition to other social rights, and that poor recognition of face biometrics can therefore endanger a range of other rights.
Therrien called for “collective reflection on the limits of acceptable use of” facial recognition, taking into account the aggregate effects of all initiatives making use of the technology.
Questioned about the Commissioner’s comments in Parliament, Minister of Public Safety and Emergency Preparedness Bill Blair said that the government values the Commissioner’s advice, but also that the government must balance between the needs of law enforcement and the rights of citizens.
Is PimEyes the next biometric boogeyman?
While Clearview is in some ways an outlier in the biometrics industry due to its data collection practices, but a similar service is offered by PimEyes, which is now offering its web-based service for between $29.99 and $299.99 a month, CNN reports.
PimEyes says it does not scrape social media sites, but returns images from business, media, and pornography sites. The company’s terms of service dictate that users are only allowed to search for themselves, but no mechanism is in place to confirm or enforce this practice.
CNN contacted PimEyes’ operators, who said the outlet was told the website was sold in 2020, that it stores templates rather than raw images, and that user-uploaded photos are deleted after two days and not used in biometric algorithm training.