NTIA group agrees on face recognition code of conduct
22 June 2016 13:00 GMT

A multi-stakeholder group that was formed by the National Telecommunications and Information Administration to work on best practices for commercial use of facial recognition technology has agreed a three-page code of conduct.

In a statement, the NTIA has said the best practices are intended to provide “a flexible and evolving approach to the use of facial recognition technology, designed to keep pace with the dynamic marketplace surrounding these technologies”.

The NTIA’s efforts were hit by controversy last year when a group of privacy advocates walked out on the talks.

The groups withdrew from the discussions because of what they described as an obstinate refusal by tech trade associations to concede on protections. A particular point of contention was the industry’s resistance to a rule that would require companies to obtain written consent before collecting and storing facial data, or “faceprints,” as they’re sometimes called.

While not covering the consent issue directly in guidelines, the NTIA states: “Covered entities [ie commercial, not government entities] that use facial recognition technologies to determine an individual’s identity are encouraged to provide the individual the opportunity to control the sharing of their facial template data with an unaffiliated third party that does not already have this information.”

The guidelines also recommend commercial organisations to:

  • Disclose their practices regarding collection, storage, and use of facial template data to consumers, including any sharing, retention, and de-identification policies;
  •  Provide notice to consumers where facial recognition is used on a physical premises;
  • Consider privacy concerns when developing data management programs;
  • Protect facial recognition data by implementing a program that contains administrative, technical, and physical safeguards appropriate to the entity’s size, complexity, the nature of its activities, and the sensitivity of the data;
  • Take reasonable steps to maintain the integrity of the data collected; and,
  • Provide a means for consumers to contact the entity regarding its use of the data.

The NTIA has been working on the process since President Barack Obama revealed plans in July 2014 to put the NTIA, part of the Commerce Department, in charge of developing privacy guidelines.

Other key issues were parties establishing and maintaining appropriate retention and disposal practices for the facial recognition data that they collect. Those NTIA began work on standards in February, in a similar process NTIA used to produce standards for mobile apps to disclose the data they collect.

Related articles

NTIA stresses progress in face recognition guidelines
21/03/16
NTIA presses on with commercial facial recognition talks
16/07/15
NTIA launches privacy multistakeholder process on use of facial recognition
04/12/13