SEPTEMBER 2018 1 PRIVACY PRINCIPLES FOR FACIAL RECOGNITION TECHNOLOGY IN COMMERCIAL APPLICATIONS INTRODUCTION The consumer-facing applications of facial recognition technology continue to evolve and appear in new contexts. There are several key functions that benefit from facial recognition technology, including: (1) safety and security; (2) access and authentication; (3) photograph and video storage identification and organization; (4) accessibility to platforms, accounts, or services, and (5) marketing and customer service. There are also, however, specific concerns about the privacy protections needed for the responsible use of this expanding technology. These Principles are meant to apply to personally identifiable information (PII) based on the development and use of facial recognition technology as defined and described here.1 The Principles have been designed to drive responsible data use by those businesses and on-line platforms developing and using facial recognition technology in commercial settings; to establish a foundation of protections for personal data that is deserving of user trust; and to inform the conversation behind various legislative initiatives on the specifics of the technology, and the technical and policy protections available. These Principles are intended to set industry best practices, inform consumer expectations, and educate policymakers regarding the various technologies discussed. They are not intended to be used directly as a model bill or legislative language since, as with any technology, new business practices and consumer needs may evolve and warrant ongoing evaluation. It is important to first clarify the distinctions between various types of facial scanning systems, generally understood to encompass a spectrum from facial detection (no PII collected), through facial characterization (no personal templates or enrollment), and ultimately including facial verification and identification purposes (personalized templates created and stored).2 Not all 1 There are also non-privacy considerations for responsible FR practices. Discriminatory outcomes resulting from insufficiently diverse training sets is one of the non-privacy related harms that can result from improper use of facial characterization or recognition systems. Deliberate care should be taken in designing and training a facial recognition system to ensure that facial recognition algorithms have comparable levels of accuracy across demographic variances such as race, gender, and age. An ability to demonstrate or audit this testing is highly desired. Of course, companies may not use facial recognition technology to enable illegal discrimination based on race, color, sex, national origin, disability, or age. 2 All terms are defined in Annex A. 2 public camera usage, or even all facial scanning, constitutes “facial recognition” or even involves the creation of personal data. The creation or storage of a photo or video on its own does not inherently implicate facial recognition privacy concerns, nor do basic facial detection systems that do not create or collect personalized information about an individual consumer’s image. Data collected by these detection programs is not a template, is not identifiable, linked, or linkable to individuals, and does not trigger the protections provided by these principles. Likewise, facial characterization programs do not routinely create or retain personably identifiable facial templates. Facial characterization technology is evolving rapidly, however, particularly with some applications employing artificial intelligence and machine learning techniques, and should continually be evaluated whe