FTC issues guidelines for facial recognition

The FTC has released a set of guidelines for companies using facial recognition technologies in a gentle warning that nevertheless goes too far for one commission member.

Organizations should design their services with consumer privacy in mind, says the FTC. They should develop reasonable security protections for the information they collect, together with sound methods for determining when to keep information and when to dispose of it.

They should also consider the sensitivity of information when developing facial recognition products and services – for example, digital signs using facial recognition technologies shouldn’t be set up in places where children congregate.

“Fortunately, the commercial use of facial recognition technologies is still young,” the report states. “This creates a unique opportunity to ensure that as this industry grows, it does so in a way that respects the privacy interests of consumers while preserving the beneficial uses the technology has to offer.”

Social networks using facial recognition should give clear information about how it works, what data it collects, and how that data will be used.  They also should provide consumers with an easy-to-use opt-out for the collection of biometric data, and the ability to turn the feature off at any time and have their photos permanently deleted.

The FTC st4resses that the report is intended for guidance only, and not as a template for law enforcement. Nevertheless, it goes too far for one of the five commissioners, J Thomas Rosch.

“I believe the report goes to far, too soon,” he writes.

“There is nothing to establish that this misconduct has occurred or even that it is likely to occur in the near future. It is at least premature for anyone, much less the Commission, to suggest to businesses that they should adopt as ‘best practices’ safeguards that may be costly and inefficient against misconduct that may never occur.”