CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide

FTC releases guidelines for facial-recognition use

Among its many recommendations is that companies should be transparent about collecting data and what the information is used for.

Shared tablets could benefit from multiple user profiles identified by facial-recognition technology. Viewdle
Facial recognition isn't just science fiction anymore, and that's causing the U.S. Federal Trade Commission to issue some usage guidelines to protect the privacy of consumers.

The FTC has some pretty obvious recommendations -- like not putting facial recognition-equipped digital signs in bathrooms or where children gather. But it also makes some good points, such as how to provide consumers with simplified choices and increase the transparency of the data collection.

Importantly, the FTC said services should be designed with privacy in mind. That includes integrating data-security protections that help prevent unauthorized scraping for unintended secondary uses. Companies also should establish and maintain retention and disposal guidelines for the data they collect, the FTC said.

Companies should be transparent about what data they're collecting and how the information is being used. And they should ask for consent in certain scenarios, including when the data is being used differently than the manner represented when collecting it. And companies shouldn't allow facial recognition to identify anonymous images of a consumer to someone who wouldn't otherwise know the person, unless they get express consent first.

Facial recognition has been garnering more attention from tech companies, but it also has faced some criticism. The technology can be used to tag friends in photos, provide targeted advertising, and allow for vision-based security, among its other uses. But automatic tagging or collecting user information can also violate privacy, something the FTC wants to avoid.

The FTC said its guidelines are best practices not intended to serve as a template for law enforcement actions or regulations. But the group warned that if a company uses facial-recognition technology in ways that are unfair or deceptive, it can take action.

Here are some of the recommendations:
• Companies should develop reasonable security protections for the information they collect, and sound methods for determining when to keep information and when to dispose of it.

• Companies should consider the sensitivity of information when developing their facial-recognition products and services -- for example, digital signs using facial-recognition technologies should not be set up in places where children congregate.

• Companies should take steps to make sure consumers are aware of facial-recognition technologies when they come in contact with them.

• Consumers should have a choice as to whether data about them is collected.

• Social networks should provide consumers with clear notice about how the feature works, what data it collects, and how that data will be used.

• Social networks should provide an easy choice not to have their biometric data collected and used for facial recognition, the ability to turn off the feature at any time, and the ability to have data previously collected from their photos permanently deleted.

• There are at least two scenarios where companies should get consumers' express consent before collecting or using biometric data. First is when the data is used in a different manner than represented when collecting the data. Second, companies shouldn't use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify the person.