Join top executives in San Francisco on July 11-12 to hear how leaders are integrating and optimizing AI investments for success. Learn more
As the rapid deployment of facial recognition and other biometric technologies in the public sphere increases, people are interested in protecting their privacy, protecting their personal data and preserving their freedom, while also taking advantage of the increased security of facial recognition technology.
As technology advances, so does facial recognition’s potential to improve our daily lives. With its ability to enhance security and streamline identification processes, it’s no wonder this technology is increasingly being integrated into our daily routines. However, as with any technological advancement, it is important to carefully consider the potential impact on privacy.
Fortunately, more and more concerned individuals and organizations are raising awareness of the potential risks and are calling for responsible use of facial recognition technology. By promoting transparency and accountability in the development and deployment of these tools, we can ensure that they are used ethically and without bias.
As we navigate this rapidly evolving landscape, it’s important to remember that facial recognition technology, with the right safeguards in place, has the potential to provide tremendous benefits to society. By working together to strike the right balance between technological advancements and personal privacy, we can build a brighter, safer future for all.
Let’s talk about the important role biometric vendors will play in shaping the future of adoption. What responsibility should they bear if their technology is misused? Should they be subject to new regulations, and how should these rules be enforced?
Three Guiding Principles for Biometric Vendors
Despite some privacy concerns, most people recognize the many benefits of convenience and security that can be realized with facial recognition technology. A recent youGov questionnaire, sponsored by CyberLink, found that more than half (54%) of those who initially expressed reluctance to use facial recognition said they would now be willing to use it, provided they believed their personal information was secure. were protected. A substantial percentage (42%) also said they would consider it for greater safety at home and at work and for convenience if it reduced waiting time in line (45%) or if it allowed them to move faster and more easily get what they needed (43%).
As the conversation about the potential of facial recognition technology evolves, we have the opportunity to explore its limits and discover its possibilities. Below I’ve outlined three guiding principles for using facial recognition in an ethical and responsible manner.
1. Provide advice on the current biometric legal landscape
Recent headlines can make security professionals wary of looking at biometric solutions, but every single case could have been avoided with a better understanding of how to properly implement these biometric solutions. As leaders in the industry, it is our job to properly educate potential customers about simple steps that can allay the fear of using biometrics.
Fortunately, all the laws governing the use of biometrics are very similar, so knowing what to do – in the right order and timing – can make all the difference. Most violations arising from the use of biometric identification solutions are due to implementing the solution before properly informing users.
To avoid this, any company that uses biometric data should establish a biometric use policy that clearly outlines what types of biometric data will be collected, how that information will be used, for how long, how the data will be protected, and how the data will be purged when it is no longer used or when the employee’s biometric data is no longer needed. Once this policy is written, it must be publicly distributed to all users before any biometric data is collected.
The best policy transparently explains the benefits to all end users – that biometrics enhances the security of a facility while providing an enhanced user experience – but also gives employees the choice of whether or not to participate, which is the subject of the next section.
2. Consent must be explicit and informed
Obtaining informed consent is a pillar of modern data privacy frameworks such as the General Data Protection Regulation (GDPR). However, obtaining informed consent from any individual passing through a public plaza is clearly a very different use case than obtaining consent from an online user or from an individual who needs or wants physical access to a facility or secure area. While frameworks are still being defined for how facial recognition should be implemented, existing data privacy laws provide guidance on what policies should be in place, the processes and timing for collecting consent, data retention and deletion, and the rights of the individual.
For example, visible signs could be placed in supervised public areas to inform people that cameras are in use and indicate their purpose. Similarly, privacy policies and guidelines regarding the use of facial recognition, describing how the collected data will be used, stored and shared, should be developed and clearly posted. These efforts will ultimately lead to education and awareness of the presence of cameras. This allows individuals to make a more informed decision about entering a monitored area.
In a business environment where biometrics are used for access control, both physical and online, compliance with privacy frameworks can be easy if the organization follows the right processes and timelines for communicating policies, obtaining written consent and implementing the right processes for safe storage of data and for the retention and deletion of that data.
3. Biometric data should be secure and kept to a minimum
Responsible facial recognition can only be fully realized if the privacy and civil liberties of individuals are properly safeguarded. These may include measures such as limiting the retention period of biometric data, enforcing strong data encryption measures and implementing strict access controls to further protect sensitive information from unauthorized access, misuse or breach.
In addition, anonymization techniques, such as blurring or pixelizing identifiable features, can be used to minimize the risk of privacy violations when data is processed or shared. Just as the GDPR has gone to great lengths to spell out in detail what companies can and cannot do with an individual’s private data, US regulators will likely need to develop similarly comprehensive guidelines for the use and handling of biometric facial recognition data.
In addition, it is important that all regulatory frameworks mandate periodic audits and reviews of these vendors’ compliance with privacy standards to ensure continued adherence to best practices.
Of course, regulation alone will not remove all these concerns. As the old saying goes, “Trust should be earned, not given,” and to earn that trust, biometric vendors would be wise to embrace and promote “privacy by design” principles. This means that vendors must include privacy considerations at every stage of their technology development process, from conceptualization to implementation. By taking a proactive approach to privacy, vendors can help create solutions that inherently minimize risk to personal data, while still providing the enhanced physical safety and security and mitigating the benefits of facial recognition technology.
Ultimately, the safe and responsible handling of biometric data will be crucial in building public trust and acceptance of facial recognition technology. By proactively implementing robust security measures, minimizing data collection and retention, and adhering to changing regulatory frameworks, vendors can contribute to a more responsible and ethical future for facial recognition applications.
Tina D’Agostin is the CEO of Alcatraz AI.