FTC promotes ‘privacy by design’ for facial recognition technologies
New FTC guidelines detail the responsible use of facial recognition technologies.
Facial recognition technology transitioned from science fiction storyline to mass market reality when Facebook rolled out its semi-automated photo-tagging feature in mid-2011. Since then, companies have been striving to develop the next great application of the technology while regulators and civil liberties advocates have been weighing in on the personal privacy implications. Following its December 2011 workshop dedicated to these issues, the Federal Trade Commission issued a new report detailing recommended best practices for balancing innovation and data protection when working with facial recognition technologies.
A nascent market
Although Facebook may have gained the most notoriety for its take on facial recognition, it is hardly the only company hoping to commercialize the innovation. Social networks, mobile applications and digital signs have all been popular contexts for the technology in recent months, and it is being used for an endless array of novel purposes. Facial feature detectors have been called upon to determine gender and age demographics that inform targeted ad campaigns, match faces held in databases and even assess emotional responses to video content.
Yet as the technology's popularity expands, so too do the privacy risks associated with the information being gathered. Critics have expressed their concerns that individuals may not know that their biometric data is being collected, and that it could be compromised by hackers or misappropriated by overzealous law enforcement officials.
"Fortunately, the commercial use of facial recognition technologies is still young," the FTC report stated. "This creates a unique opportunity to ensure that as this industry grows, it does so in a way that respects the privacy interests of consumers while preserving the beneficial uses the technology has to offer."
Safe from the start
Three primary principles underlie the FTC recommended practices, including privacy by design, simplified consumer choice and overall transparency.
The first concept speaks to the fact that mobile application developers or any other innovators working with facial recognition technology should hardwire privacy protections into their products and policies. By designing features with consumer privacy and the end-user experience already top of mind, companies can avoid a number of dangerous complications down the road.
One example provided by the report detailed an eyeglass manufacturer who allows consumers to upload photos of themselves and superimpose graphics to preview how certain frame styles might look on their face. Although the functionality and appeal of this service is clear, some of the first questions asked should be how and where these photos will be stored and protected, and how long will they be retained.
Consumers voluntarily supply their biometric data in the eyeglass scenario, but an alternate example provided by the FTC involving a beverage manufacturer's supermarket display signs better captures the complexity and significance of individual choice and consent.
First and foremost, advertisers working with demographic detection applications should ensure their signage is not placed in potentially sensitive areas such as bathrooms, healthcare facilities or locations "where children congregate." The supermarket scenario achieves this initial step, but the much trickier part involves informing consumers that their information is being captured and explaining how it is being used.
"At minimum, a notice should clearly state the purpose of the technology and indicate how consumers can find more information about the technology and the practices of the company operating the signs in that venue," the report stated. "A consumer who does not wish to have their data used in this manner is then able to choose not to shop at this particular store or avoid the location where the sign is placed."
FTC officials conceded that the guidelines are not legally binding, and in several ways actually go above and beyond current expectations. However, companies considering working with facial recognition technology would do well to take the recommendations under advisement.
Data Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
- Desktop virtualization can enhance security performance
- Cybersecurity cooperation becoming military necessity
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- FBI trying to train financial execs on cyber threats
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet