A passenger is using "One ID" facial recognition service at the Guangzhou Baiyun International Airport on August 5, 2020. Photo: Courtesy of the Guangzhou Baiyun International Airport
The Supreme People's Court (SPC) of China on Wednesday issued judicial rules to regulate the use of facial recognition, stipulating that no app can require users to provide unnecessary personal information. Specifically, the regulation requires apps to ask for consent from users when facial recognition information is involved.
Experts said the new rules come at a time when excessive collection and abuse of facial data have become major threats to personal information and privacy.
"At present, abuse of facial recognition may threaten an individual's payment security, but its potential risks may extend to threats against their personal safety, such as drone attacks using facial recognition," Liu Gang, director of the Nankai Institute of Economics and chief economist at the Chinese Institute of New Generation Artificial Intelligence Development Strategies, told the Global Times on Wednesday.
Facial recognition, a new technology broadly used in China that helped the country to effectively contain the coronavirus, is facing tougher regulation as China strengthens protection of personal data and people's privacy following growing concerns among the public.
A Beijing-based resident surnamed Sun uses facial recognition to pay for her orders on China's takeaway delivery platform eleme.com and e-commerce giant Taobao.
"Even though it is quite convenient, I am worried that this technology may place me in huge hidden dangers. What if hackers steal my facial data and use my accounts to pay their own bills?" Sun told the Global Times on Wednesday.
Abuses of facial recognition technology take place frequently, officials from the SPC told a press For example, several well-known stores collected consumers' facial information without their consent to develop different marketing strategies by analyzing consumers' genders, ages and moods.
"Such behavior seriously damages the personal rights of those involved, leaving regulation urgently needed," Yang Wanming, vice president of the SPC, said at the press conference.
Yang also warned that all aspects of facial verification, recognition or analysis by hotels, shopping malls, banks, traffic stations, airports, stadiums or entertainment places -- if conducted in violation of China's laws and regulations -- constitute rights infringement.
As China is deploying some new technologies to grow its burgeoning artificial intelligence industry, many cities are adopting intelligent management with the use of facial recognition technology. For instance, some residential compounds require residents to input their facial information so that they can "face swipe" at the gate so they gain admission faster.
However, such types of information are linked with a resident's address and other personal information. If leaked, they will potentially compromise citizens' personal privacy.
"In practice, some property management companies require residents to input their face information and use facial recognition as the only verification method to enter and leave the compound," Guo Feng, deputy chief of the research office of the SPC, told the press conference.
This violates the principle of informed consent, and it has aroused mounting doubt among the public, Guo said. "We should embrace new technology but must respect personal rights at the same time. Property management companies shall not infringe on residents' personal rights in the name of intelligent management."
On the local level, Shenzhen in South China's Guangdong Province is moving first to implement strict personal data protection steps, including limits on the use of facial recognition, starting from next year.
The Chinese technology hub's regulation mandates that apps cannot refuse to offer core services to users who don't agree to provide their personal data.
After a decade-long boom in China's online economy, the country is reining in the development of internet titans over data security concerns.
The Cyberspace Administration of China in June removed the country's most widely used ride-hailing app, Didi Chuxing, from app stores due to its serious violations of laws and regulations in the collection and use of personal data.
"Data collection by Chinese internet companies should be standardized and there is also a necessity to explore the data trading market," Liu said. The trading of anonymized medical data should be encouraged, as it will benefit patients.
"Now it's time to test our flexibility of policy-making and dynamic management capability - how to enhance regulation, while leave the economy and the industry's development unharmed."