A regulation aiming to standardize the use of facial recognition technology and protect personal data was unveiled on Friday, as the increasingly wider application of the security-related tech sparks growing concerns over potential privacy violations in China.
The regulation, jointly issued by the Cyberspace Administration of China and the Ministry of Public Security, will come into effect on June 1. It clarifies that the use of the technology should abide by the law, and must not harm national security, public welfare and the legal interests of individuals.
Facial recognition technology needs to be used when it is necessary, and should be used in a way that imposes the least intrusion on personal rights and interests, it states, adding that data collected through the technology must be strictly protected.
Before applying the technology, one is required to inform individuals whose facial data will be collected in a clear manner and using easy-to-understand language that is "truthful, accurate and complete" concerning a variety of matters.
Such matters include the data collectors' names and contact information, the reason for collecting such data, how the data will be processed and how long the data will be preserved, the regulation stated.
Neither organizations nor individuals are allowed to verify people's identities through facial recognition technology by misleading, dishonest or coercive tactics, nor may they install facial recognition equipment in private spaces, such as hotel rooms, bathhouses, changing rooms and restrooms, it said.
The regulation also calls for the application of measures such as data encryption, security auditing, access control and intrusion detection to protect the collected facial recognition information.
In addition, occasions where the information is processed for the purpose of research and development of facial recognition technology and algorithm training are not subject to the regulation.
"Facial content is sensitive personal information, which, once leaked, will easily impose major harm on the safety of people and their property, and even threaten public security," the administration said. It added that the regulation has made it clear that facial recognition technology must not be the only method used when other methods of identity verification are available and sufficient for achieving the same purpose.
People who do not agree to undergo facial recognition should be provided with alternative reasonable and convenient verification methods, the administration said. It pointed out that these stipulations target in particular the abuse of facial recognition technology during hotel check-ins and entrances to residential compounds.
