Agreement Struck on Facial Recognition Best Practices

Industry stakeholders pleased, absent public interest stakeholders not so much

The National Telecommunications & Information Administration and stakeholders have agreed on a set of voluntary best practices for facial recognition technologies (FRTs).

That came in a meeting in Washington Friday in the latest in a series of multistakeholder privacy efforts to put some meat on the Obama Administration's privacy bill of rights—others have been on drone and app best practices.

The final version of the document had yet to be published at press time, but the discussion draft can be accessed here and was said to track closely with the final version.

Industry stakeholders seemed pleased, though civil society stakeholders who boycotted the process last year were clearly not, with those two results likely related.

“We want to thank stakeholders for their hard work in completing a document that provides the first ever nationwide guidance on the responsible commercial use of facial recognition technology. Through this process, stakeholders advanced the conversation on how to balance innovation and privacy when it comes to the use of this technology. However, multistakeholder processes are strongest when all interested parties participate and are willing to engage on all issues. We appreciate those stakeholders who remained engaged in the process until its conclusion. We look forward to continuing the conversation with stakeholders on how to make further progress on this important issue.”

The best practice language was heavy on "encouraged to" and "should," in what was described as a general road map, left up to the parties to mark the best route to the destination of fair information practices.

For example, companies are encouraged to allow an individual to control sharing of their facial data with unaffiliated third parties and "should" take measures to protect that data.

The guidelines don't apply to "aggregate or non-identifying analysis"—counting the number of customers entering a store or determining (for marketing purposes) the age and sex of people watching a video display. They also don't apply to "security applications, law enforcement, national security, intelligence or military uses."

“The best practices announced today will advance privacy, transparency and accountability among the entities that use facial recognition technology," said Software & Information Industry Association senior VP Mark MacCarthy. "As FRT applications and business models rapidly evolve, the best practices will help ensure that consumer privacy is respected and new technologies are responsibly adopted."

"Today proves that stakeholders from different worlds with diverse priorities can come together to develop industry guidelines that promote innovation and protect personal privacy," said Carl Szabo, senior policy counsel for NetChoice. "From customer service to finding lost dogs, to photo organizing, developers of facial recognition applications will now have 'rules of the road' as they develop the latest and greatest tech products and applications.  This is by no means the end of facial recognition guidelines but the NTIA has led a successful effort that has built a strong foundation that will enable U.S. consumers to reap the benefits of a valuable technology that will make life more convenient and secure.”

"CTA is proud to be among the key industry stakeholders supporting best practices for facial recognition technologies that balance consumer protection with technological innovation," said Alex Reynolds, director, regulatory affairs for the Consumer Technology Association. "Facial recognition tech is a rapidly developing innovation we should welcome and embrace, and we thank NTIA staff for their diligent and expert support throughout the meetings."

“IAB thanks the NTIA for convening the Privacy Multistakeholder Process on Facial Recognition Technology," said David Grimaldi, EVP of public policy for the Interactive Advertising Bureau (IAB). "Over the past 28 months we have had the opportunity to learn from a broad set of stakeholders and experts in the field of facial recognition technology. As a result of this dialogue, we are better informed about how this still-nascent technology will need to coexist with consumer expectations. We look forward to future evolutions of this conversation.”

For those who sat out the meetings alluded to by the NTIA spokeswoman, the result was a nonstarter.

"The 'Privacy Best Practice Recommendations for Commercial Facial Recognition Use' that have finally emerged from the multistakeholder process convened by the National Telecommunications and Information Administration (NTIA) are not worthy of being described as 'best practices," they said in a joint statement. "In fact, they reaffirm the decision by consumer and privacy advocates to withdraw from the proceedings. In aiming to provide a 'flexible and evolving approach to the use of facial recognition technology' they provide scant guidance for businesses and no real protection for individuals, and make a mockery of the Fair Information Practice Principles on which they claim to be grounded."

The "they" in that stinging statement included Center for Digital Democracy, Common Sense Kids Action, Consumer Action, the Consumer Federation of America, Consumer Watchdog.