
Federal Trade Commission Turns an Eye to Facial Recognition

Written by Amy Malone

This week the Federal Trade Commission released a best practices guide that outlines how companies using facial recognition can protect consumer privacy.  The Commission continued to push the “privacy by design” model that it first promoted in its March 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change.”

The key areas targeted in the report are facial recognition technologies used on social networking sites, on digital signs, and on sites that allow people to upload pictures and use those pictures to simulate changes in their appearance, like a haircut. In each area, the Commission stressed the privacy by design pillars of data security, transparency, consumer choice and data retention limits. The Commission gave examples of how companies could incorporate privacy by design in each of the target areas. One example was that stores using digital signs to snap pictures of customers could post information at the entrance of the store telling customers that photos of them may be taken in the store, so customers can decide whether or not they want to enter the location. Social networking sites, in turn, can inform users of how uploaded images will be used and give the users a chance to opt out of certain features. For instance, most members of Facebook upload images to share with friends and family (the Commission reported that in one month 2.5 billion photos were uploaded to Facebook) and do not realize they are freely contributing to the largest facial recognition database on the planet. The Commission suggested letting the user opt out of being part of the database.

The report also stressed the importance of obtaining “affirmative express consent” in at least two situations: (1) before using biometric data in a way that materially differs from why it was collected and (2) if the data is used to identify anonymous images. The goal of obtaining affirmative consent is to prevent data owners from being blindsided by unintended uses of their information, such as your Facebook photo being used by a mobile app to reveal your identity to a stranger who shot a picture of you in a restaurant. It sounds like something out of The Matrix, but it could happen today if the app had access to Facebook’s database of billions of identified pictures.

Despite pushing the importance of these practices, the Commission pointed out that it encourages self-regulation and that this report does not serve as a “template for law enforcement actions or regulations under laws currently enforced by the FTC.”

Although the report claims that it doesn’t serve as a template, it may draw attention to help legislators like Al Franken gather support to pass legislation limiting the use of facial recognition and other biometric technologies.




Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.