As a response to the growing use of facial recognition technology, the FTC has just published its "best practices" for companies to adhere to when stepping into these often-controversial waters. In the report's introduction, the FTC notes that while there are a wide variety of use cases for facial recognition, it also finds that the technology can raise "serious privacy concerns" due to the potential for identifying anonymous individuals without consent, as well as the ever-present possibility of identification data being stolen through security breaches. The FTC released this report after a four to one vote, with with Commissioner J. Thomas Rosch issuing his own dissenting statement.
At a high level, the FTC's recommendations aren't too surprising: it recommends designing services with consumer privacy in mind, developing "reasonable security protections" and "sound methods" for deciding when to keep and delete data, and "considering the sensitivity of information" when developing facial recognition technology. For example, the FTC would recommend not setting up digital signage that uses facial recognition in areas where children are known to gather. The FTC is also advocating for full disclosure about recognition technologies from commercial businesses, so that consumers can avoid them if they so choose. That goes for social networks as well, with the FTC stating that users should easily be able to see what information is being collected and how they can opt out and have their data deleted.
"Social networks should obtain consumers' affirmative express consent before identifying their anonymous images to users who could not otherwise identify them."
The FTC also said that social networks need to responsibly use facial recognition data and ensure that users should not be identified to those who aren't already "friends" with said user without express consent. Senator Al Franken has been targeting Facebook for some months now regarding the company's lack of clarity around what facial recognition data it shares with other users, so we're not at all surprised to see this provision. Facebook has also been targeted by Germany for its policy of requiring users to opt-out of facial recognition data collection, rather than requiring users to opt-in to have that information collected.
While the FTC's guidelines aren't legally enforceable and "not intended to serve as a template for law enforcement actions," it believes that following these guidelines will be good for consumers and business alike. The FTC believes that implementing these practices will promote consumer trust," thus making individuals more open to these technologies. Given the recent backlash over facial recognition usage like SceneTap's bar-scanning service — which the FTC explicitly cited in its report — a set of guidelines for using this data responsibly seems like a much-needed (and possibly overdue) step.