As the rapid deployment of facial recognition and other biometric technologies in the public sphere increases, people are interested in safeguarding their privacy, protecting their personal data, and maintaining their freedom while also benefiting from the increased security of facial recognition technology.
As technology advances, so does the potential for facial recognition to improve our daily lives. With its ability to enhance security and streamline identification processes, it’s no wonder that this technology is becoming increasingly integrated into our daily routines. However, as with any technological advancement, it’s important to carefully consider its potential impact on personal privacy.
Fortunately, a growing number of concerned individuals and organizations are raising awareness of the potential risks and calling for the responsible deployment of facial recognition technology. By promoting transparency and accountability in the development and deployment of these tools, we can ensure that they are used ethically and without bias.
As we navigate this rapidly evolving landscape, it’s important to remember that with proper safeguards in place, facial recognition technology has the potential to provide enormous benefits to society. By working together to find the right balance between technological advancement and personal privacy, we can build a brighter, more secure future for all.
Let’s cover the important role that biometric vendors will play in shaping the future of adoption. What responsibility should they bear when their technology is misused? Should they be subject to new regulations, and how should such rules be enforced?
Three guiding principles for biometric vendors
Despite some privacy concerns, most people recognize the many benefits of the convenience and safety that can be realized from facial recognition technology. A recent YouGov survey, sponsored by CyberLink, found that more than half (54%) of individuals who initially expressed reluctance about facial recognition said that they would now be willing to use it provided they felt their personal data was being properly safeguarded. A substantial percentage (42%) also said they would consider it for improved safety at their home and workplace and for convenience if it reduced time spent waiting in line (45%) or if it allowed them to get what they needed faster and more conveniently (43%).
As the conversation about the potential of facial recognition technology evolves, we have the opportunity to explore its boundaries and discover its possibilities. Below I’ve outlined three guiding principles for deploying facial recognition in an ethical and responsible manner.
1. Provide guidance on the current biometric legal landscape
Recent headlines can make security professionals leery of looking to biometrics solutions, but every single case could have been avoided with a better understanding of how to properly implement these biometric solutions. As leaders in the industry, it is incumbent on us to properly inform potential customers of simple steps that can remove the fear they have of using biometrics.
Fortunately, all of the laws governing the use of biometrics are very similar, so knowing what you need to do — in the proper order and timing — can make all the difference. Most infractions arising from the use of biometric identification solutions have been due to implementing the solution before properly informing the users.
To avoid this, any company using biometrics should create a biometric usage policy that clearly outlines what types of biometrics will be collected, how that information will be used, for how long, how the data will be protected and how the data will be purged when it is no longer used or when the employee biometrics are no longer needed. Once this policy is written, it must be publicly disseminated to all users before any biometric data is collected.
The best policies transparently explain the benefits for all end users — that biometrics improve a facility’s security while providing an improved user experience — but also give employees the choice of whether to participate, which is the topic of the next section.
2. Consent should be explicit and informed
Obtaining informed consent is a pillar of modern data privacy frameworks such as the General Data Protection Regulation (GDPR). However, securing informed consent from each individual passing through a public square is obviously a very different use case than obtaining consent from an online user or for a person needing or wanting physical access to a facility or secure area. While frameworks for how facial recognition should be implemented are still being defined, existing data privacy laws are providing guidance about what policies should be in place, the processes and timing for collection of consent, the retention and deletion of data, and the individual’s rights.
For instance, visible signs can be placed in public areas under surveillance, informing people that cameras are in use and outlining their purpose. Likewise, privacy policies and guidelines regarding the use of facial recognition detailing how the collected data will be used, stored and shared should be developed and clearly posted. These efforts will ultimately educate and raise awareness of the presence of cameras. This will allow individuals to make a more informed decision about entering a monitored area.
In a business environment where biometric data is used for access control, whether physical or online, compliance with privacy frameworks can be simple if the organization follows the right processes and timelines for communicating policies, gaining written consent, and implementing the appropriate processes for securely storing data and for retention and deletion of that data.
3. Biometric data should be secure and minimized
Responsible facial recognition will only be fully realized if it ensures that the privacy and civil liberties of individuals are being properly safeguarded. This may include measures such as limiting how long biometric data is retained, enforcing strong data encryption measures, and implementing strict access controls to further protect sensitive information from unauthorized access, misuse or breaches.
Additionally, anonymizing techniques, like blurring or pixelating identifiable features, can be employed to minimize the risk of privacy violations when data is being processed or shared. Just as GDPR has taken great pains to detail what businesses can and can’t do with an individual’s private data, U.S. regulators will likely be called upon to develop similar comprehensive guidelines for the use and handling of biometric facial recognition data.
Furthermore, it’s important that any regulatory frameworks mandate periodic audits and assessments of these vendors’ compliance with privacy standards to ensure ongoing adherence to best practices.
Of course, regulations alone won’t assuage all of these concerns. As the old saying goes, “Trust must be earned, not given,” and in order to earn that trust, biometric vendors would be wise to embrace and promote “privacy by design” principles. This means that vendors should bake in privacy considerations across every stage of their technology development process, from conceptualization to deployment. By adopting a proactive approach to privacy, vendors can help create solutions that inherently minimize risks to personal data while still delivering the improved physical safety and security and threat reduction benefits of facial recognition technology.
Ultimately, the secure and responsible handling of biometric data will be crucial in building public trust and acceptance of facial recognition technology. By proactively implementing robust security measures, minimizing data collection and retention and adhering to evolving regulatory frameworks, vendors can contribute to a more responsible and ethical future for facial recognition applications.
Tina D’Agostin is the CEO of Alcatraz AI.
The post 3 principles biometric vendors should embrace to promote trust in facial recognition technology appeared first on Venture Beat.