Global data privacy regulators set resolution on facial recognition at annual meeting
Data privacy regulators from around the world have agreed to a resolution that personal information should be used for facial recognition only in accordance with a set of six principles.
More than 120 data protection authorities met for the 44th Global Privacy Assembly (GPA) in Istanbul, Türkiye. The four-day event was held under the theme of ‘A matter of balance – Privacy in the era of rapid technological advancement.’
Facial recognition should be deployed only on a clear legal basis, they say, with the deploying organization establishing its reasonableness, necessity and proportionality. Human rights assessments should be carried out, and the use of the biometric technology should be transparent to affected groups and individuals. Finally, the resolutions state that facial recognition should be used with clear and effective accountability mechanisms, and with respect for data protection principles.
The regulators also discussed cybersecurity and data breaches, according to an announcement from Canada’s Privacy Commissioner.
Canadian regulator backs report recommendations
Privacy Commissioner of Canada Philippe Dufresne says he will work with lawmakers on a review of legislation for private sector privacy regulations.
He was responding to the report recently put out by Canadian Parliament’s Standing Committee on Access to Information, Privacy and Ethics (ETHI). The report calls for a moratorium on the use of facial recognition by police and the private sector unless they are approved by the Privacy Commissioner.
Dufresne welcomed the report, and says it “confirms and reiterates the pressing necessity of ensuring the appropriate regulation of privacy impactful technologies such as facial recognition and artificial intelligence in a way that protects and promotes Canadians’ fundamental right to privacy.”
He notes that the report asserts a need for mandatory privacy impact assessments, enhanced oversight and reporting for greater transparency and accountability, echoing the resolution passed by the global privacy regulators’ meeting. The Commissioner also supports the report’s call for legal frameworks limiting facial recognition to protect privacy, and the modernization of laws for the public sector, as well as the private.
Further to that theme, Dufresne says he hopes Parliament will follow up its update of Bill-C27, which deals with the private sector, by updating the Privacy Act which covers the public sector.