The U.S. Federal Trade Commission has released "best practices" guidelines for companies that use facial recognition technology.
For many of us, tagging friends on Facebook or handing over biometric information may not seem like such a big deal -- but that information, stored on servers worldwide, can sometimes border on privacy infringement. Commercially, it's no longer a rare thing for such technology to be used -- but as adoption expands, if agencies wish to protect consumer rights, guidelines at the least should be implemented.
The new FTC report, titled "Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies," is aimed at guiding businesses through the murky waters of using facial recognition for innovative products, but at the same time maintaining consumer privacy and rights.
The FTC notes (emphasis mine):
"[The report is] intended to provide guidance to commercial entities that are using or plan to use facial recognition technologies in their products and services. However, to the extent the recommended best practices go beyond existing legal requirements, they are not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC."
The Commission's recommendations include:
- Companies should design their services with consumer privacy in mind;
- They should develop "reasonable security protections" for data collection, and maintain sound methods over what information to keep, and what to discard;
- The sensitive nature of information should be considered -- as an example, using facial recognition technology near children, changing rooms or toilets isn't advisable;
- Finally, consumers should be well-informed when facial recognition technology is being used, and they should control what data is collected.
Where social media comes into play, the FTC report suggests that any network which uses facial recognition technology -- such as Facebook's tagging feature -- should provide users with clear guidelines stating how the service works, what data is collected, and how the information will be used in the future.
Going further, the Commission wants consumers to have the option to turn off gesture recognition technology features and delete any previously collected information permanently.
There are two cases where the FTC believes that companies should get a "consumer's affirmative consent" before collecting any kind of biometric data based on facial images. First, when identifying anonymous individuals to third parties that wouldn’t otherwise know who they were, and second, when using any data for purposes outside of what was initially represented.
Social networks, digital signs and mobile apps often use facial recognition technology. However, due to advances over the last decade, it has also been used to predict consumer behavior patterns in retail stores, to see if customers are engaged by detecting emotional changes, and identifying anonymous parties wherever surveillance cameras exist.
Consider Chicago-based startup Scenetap. The firm has combined "anonymous" facial recognition technology in venues with mobile technology so socialites can choose where next to go on a Friday based on their preferences -- from male-to-female ratio, current capacity, "scene" and the average age of customers. This information is all provided through cameras in different venues, but you have to wonder how many customers are aware they are being profiled.
This kind of data may also be susceptible to cyberattacks or security breaches, and this has to be kept in mind when technological advances are made.
According to the FTC, if companies choose to consider the issues of privacy, choice and transparency in the fledgling stage of facial recognition technology, it will help ensure that the industry develops in a positive way -- namely, innovative product and service development that also respects consumer privacy as much as possible.
This post originally appeared on ZDNet.