In the last twenty-four hours, have you logged onto Facebook or Google and uploaded a picture?  Walked into a retail store or past a billboard advertisement on the streets? If you have, chances are a company may have collected personal data with the use of facial recognition technology without you even knowing. Facial recognition technology can be used to identify individuals by measuring and analyzing physiological and behavioral characteristics. This biometric technology identifies those characteristics that are generally distinct to an individual as it “encodes physical properties that are immutable” and cannot be easily changed. With this new technology, companies can collect your faceprint as you go about your day, which is arguably, just as personal to an individual as their fingerprint.

While the technology is rapidly advancing, with more and more companies and institutions using facial recognition technology each day, it is quickly becoming one of the nation’s great unknowns. Currently, there are no federal laws that expressly regulate the software, nor is there data available on how much it is being used by American businesses to track customers and collect data. The lack of regulation within this blossoming industry leaves citizens open to abuse by entities looking to exploit a person’s identity for their own financial gain.

As policy talks are far from reaching a consensus as to a code of conduct, customers are left trying to apply general privacy laws and other potentially relevant legislation for protection. The GAO released a report in July 2015 which highlights existing federal laws that could be extended to apply to facial recognition technology.  An alternative source of protection may come from state law. At least forty-seven states and the District of Columbia currently have privacy laws enacted, which could provide some protection for consumers against FRT, and thirty-two states have enacted laws limiting the storage of personal information. Two states have enacted legislation that specifically addresses the use of facial recognition technology and the data the technology collects. Texas and Illinois both have biometric privacy laws that directly address facial recognition technology. Both acts require an entity to obtain consent from an individual before collecting a “biometric identifier,” which is defined as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” Further, the acts strictly limit maintaining records and sharing biometric data with a third party to special circumstances.

As facial recognition technology promises to only advance in the coming years, it is apparent that either federal or state legislation must be enacted in order to best protect virtually all people, as this technology is so widespread.

Eric Ahlzadeh



Comments are closed.